Bug#1034055: fwknop-apparmor-profile: AppArmor profile installed in systemd system service path
On 7/04/23 at 20:19, Francois Marier wrote:
> On 2023-04-07 at 07:23:07, Laurent Bigonville (bi...@debian.org) wrote:
>> It seems that you install the apparmor profile in the path for systemd system
>> service
>>
>> The following change should be reverted:
>> https://salsa.debian.org/debian/fwknop/-/commit/d3a5aaef39fedc1bb94e26921afbf63f79b31af7
>
> Hm, that does look like a mistake. I don't remember what might have caused me
> to make that change.
>
> I guess the apparmor profile hasn't been in use for a while then.
>
> It seems like it's too late in the release process to re-add it in bookworm.
>
> Here's what I'm thinking of doing:
>
> - move it to /usr/share/apparmor/extra-profiles/ (so it's not turned on by
>   default) for bookworm
> - move it back to /etc/apparmor.d/ after bookworm
>
> Alternatively, I could also not change anything for bookworm since it's not
> enabled as an AppArmor profile and it will be ignored as a systemd unit file.
>
> What do you think?

Sorry for the late answer.

I see that you moved the file to /usr/share/apparmor/extra-profiles/; for now it's OK I guess. It might indeed be too late to enable the profile so late in the development cycle.

Another option for bookworm+1 is to move the file back to /etc/apparmor.d/ AND merge the profile back in the main package so it's installed alongside the daemon and kill fwknop-apparmor-profile (that package only ships one file AFAICS).

The AppArmor profile can be put in complain/non-enforcing mode if the user really wants to.
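An added example, not part of the thread or of the fwknop packaging: a shell check for the failure discussed above, where a profile is shipped but confines nothing. It classifies the install path using the two directories named in the thread and reads the mode from a listing in the format of /sys/kernel/security/apparmor/profiles; the profile name, file name and systemd directory in the sample call are constructed placeholders.

```shell
#!/bin/sh
# Added example: does a shipped AppArmor profile actually confine anything?

# Classify where a package installed the profile file.
#   active    -> /etc/apparmor.d/ (loaded when AppArmor starts)
#   extra     -> /usr/share/apparmor/extra-profiles/ (shipped, not turned on)
#   misplaced -> anywhere else, e.g. a systemd unit directory
classify_profile_path() {
    case "$1" in
        /etc/apparmor.d/?*) echo active ;;
        /usr/share/apparmor/extra-profiles/?*) echo extra ;;
        *) echo misplaced ;;
    esac
}

# Print the mode reported for profile $1, "unloaded" if it is not listed,
# or "unknown" if the listing cannot be read (it usually requires root).
# $2 is a listing with one "name (mode)" entry per line.
profile_mode() {
    name=$1
    list=${2:-/sys/kernel/security/apparmor/profiles}
    [ -r "$list" ] || { echo unknown; return 0; }
    mode=$(awk -v n="$name" '{
        m = $NF; line = $0
        sub(/ \([a-z]+\)$/, "", line)          # strip the trailing " (mode)"
        if (line == n) { gsub(/[()]/, "", m); print m; exit }
    }' "$list")
    echo "${mode:-unloaded}"
}

# One verdict: $1 = installed file, $2 = profile name, $3 = listing (optional).
audit_profile() {
    where=$(classify_profile_path "$1")
    mode=$(profile_mode "$2" "$3")
    case "$where:$mode" in
        active:enforce)  echo "ok: confined" ;;
        active:complain) echo "warn: loaded but only logging" ;;
        extra:unloaded)  echo "info: shipped disabled" ;;
        *)               echo "fail: $where/$mode" ;;
    esac
}

# Constructed sample listing; on a live system omit the third argument.
sample=$(mktemp)
printf '%s\n' '/usr/sbin/exampled (enforce)' > "$sample"
audit_profile /lib/systemd/system/usr.sbin.exampled /usr/sbin/other "$sample"
rm -f "$sample"
```
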
Bug#1034055: fwknop-apparmor-profile: AppArmor profile installed in systemd system service path
On 2023-04-07 at 07:23:07, Laurent Bigonville (bi...@debian.org) wrote:
> It seems that you install the apparmor profile in the path for systemd system
> service
>
> The following change should be reverted:
> https://salsa.debian.org/debian/fwknop/-/commit/d3a5aaef39fedc1bb94e26921afbf63f79b31af7

Hm, that does look like a mistake. I don't remember what might have caused me to make that change.

I guess the apparmor profile hasn't been in use for a while then.

It seems like it's too late in the release process to re-add it in bookworm.

Here's what I'm thinking of doing:

- move it to /usr/share/apparmor/extra-profiles/ (so it's not turned on by default) for bookworm
- move it back to /etc/apparmor.d/ after bookworm

Alternatively, I could also not change anything for bookworm since it's not enabled as an AppArmor profile and it will be ignored as a systemd unit file.

What do you think?

Francois
Bug#1034055: fwknop-apparmor-profile: AppArmor profile installed in systemd system service path
Package: fwknop-apparmor-profile
Version: 2.6.10-13
Severity: serious

Hello

It seems that you install the apparmor profile in the path for systemd system service

The following change should be reverted:
https://salsa.debian.org/debian/fwknop/-/commit/d3a5aaef39fedc1bb94e26921afbf63f79b31af7

Kind regards,
Laurent Bigonville

-- System Information:
Debian Release: 12.0
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-7-amd64 (SMP w/12 CPU threads; PREEMPT)
Kernel taint flags: TAINT_WARN
Locale: LANG=fr_BE.UTF-8, LC_CTYPE=fr_BE.UTF-8 (charmap=UTF-8), LANGUAGE=fr_BE:fr
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages fwknop-apparmor-profile depends on:
pn  fwknop-server

fwknop-apparmor-profile recommends no packages.

fwknop-apparmor-profile suggests no packages.