On Wed, Oct 09, 2013 at 12:27:15PM +0200, intrigeri wrote: > intrigeri wrote (12 Aug 2013 18:11:31 GMT) : > >>> So I'm fine with the change, however we are going to want a dconf-update > >>> abstraction at some point the ability to update dconf will require more > >>> than just write for the distros that choose to ship the extended mediation > >>> bits we are working on. > > >> I know basically nothing about these extended mediation, so I'm > >> certainly not the best person to write profiles that make good use of > >> this functionality. Moreover, unless they've reached the 2.8 branch + > >> mainline Linux already (they haven't, right?), the distro I'm working > >> on does not ship these bonus bits. > > >> As far as Debian is concerned, I think it makes more sense for me to > >> focus on integrating basic functionality first. > > >>> So either you can modify your patch to provide this or we can come up > >>> with a follow-up patch. > > >> I prefer if you take my patch that deals with read-only access now, > >> and then follow-up with the -update stuff once you have the needed > >> bits working. > > Ping?
Sorry for the delay. Adding a dconf abstraction that grants the ability to query dconf settings seems reasonable for now. Profile authors will want to think carefully about granting write access, due to our current inability to prevent writes to a subset of the dconf hierarchy. Acked-by: Steve Beattie <st...@nxnw.org> and committed to trunk (rev 2209). Thanks! > Apart of the Totem-related series I've just sent, I believe this > is my only pending patch currently. Excellent. Thanks for pushing these. > Once these are in, I intend to propose a few selected profiles (Evince > and Pidgin, to start with) for integration to their respective > maintainers in Debian. And probably have apparmor-profiles updated in > there too. Then, we can finally try and see how we can efficiently > share the maintenance of these profiles between Ubuntu, Debian, and > anyone who's interested! :) Yep, sharing the maintenance of policy is important. Our current means of doing so I grant is suboptimal (and not just because of slack reviewers that take too long to get back to you on proposed policy updates, though that doesn't help, either). Ideas on how with not a lot of effort we can improve on this would be greatly appreciated. -- Steve Beattie <sbeat...@ubuntu.com> http://NxNW.org/~steve/
signature.asc
Description: Digital signature
-- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
