[apparmor] handling disable and complain (was: Re: [patch] mkdir /etc/apparmor.d/disable)
Christian Boltz
apparmor at cboltz.de
Wed Oct 19 22:31:45 UTC 2011
Hello,
On Wednesday, 19 October 2011, John Johansen wrote:
> Now for the rant.
>
> I absolutely detest this mechanism for disable and complain (yes I
> know why it was done), and would prefer we revisit this again for the
> future
The method with symlinks in /etc/apparmor.d/disable has some advantages:
- no need to edit the profiles
- profiles don't magically come back (which could happen if you delete a
profile and then install a new apparmor-profiles package)
- enabling or disabling a profile is easy (just create/delete a symlink)
I'm open to your proposal of a better mechanism - ideally it has all
the advantages I listed above and fixes all the things you don't like
;-)
> (I know a collective scream of no). </rant>
;-))
Regards,
Christian Boltz
--
Are you a lawyer, or should I take that personally?
[Marius Brehler in suse-talk]