[apparmor] [PATCH 1/1] dnsmasq: Remove lxd-bridge

[Petr Vorel]

Hi Seth,

> On Mon, Nov 19, 2018 at 06:17:23PM +0100, Petr Vorel wrote:
> > lxd-bridge was removed in lxd 2.3
> > -  /{,var/}run/lxd-bridge/dnsmasq.pid   rw,

> On Mon, Nov 19, 2018 at 08:17:21PM +0100, Petr Vorel wrote:
> > -  /{,var/}run/sendsigs.omit.d/*dnsmasq.pid w,

> On Mon, Nov 19, 2018 at 08:17:20PM +0100, Petr Vorel wrote:
> > NetworkManager moved dnsmasq config files from /var/run/ into
> > /var/run/NetworkManager/ long time ago in 0.9.8 in commit d82669d3f

> > -  /{,var/}run/nm-dns-dnsmasq.conf r,
> > -  /{,var/}run/nm-dnsmasq-*.pid rw,

> Hello Petr,

> Thanks for the profile patches; however, I don't think we want to apply
> these changes just yet. We rarely *remove* rules from AppArmor profiles
> because we do not want to break deployed users. (The python 2 -> python 3
> transition pain is still very fresh in our minds.)

> I'd only be comfortable removing these perhaps a decade after their
> upstreams stopped using them.

> Sure it's unlikely for someone to take a newish AppArmor and deploy it on
> an Ubuntu 12.04 LTS-era host, but I don't want AppArmor to be known as a
> project where you *can't* do that.

> Thanks

thanks for info. I understand your concern, backward compatibility must be
taken seriously.

I dared to send these patches, as fixes of NetworkManager 0.9.8 (trusty
14.04LTS)) has AppArmor 2.10, and there are other stable branches (2.11, 2.12,
2.13), I thought these changes go to master (and future branch).
LXD change is newer (xenial (16.04LTS), that would be even more dangerous.

Kind regards,
Petr