Hi Seth, Le mercredi, 15 janvier 2014, 11.14:07 Seth Arnold a écrit : > On Wed, Jan 15, 2014 at 07:30:52PM +0100, intrigeri wrote: > > From: Didier Raboud <o...@debian.org> > > apparmor could have an 'interest /etc/apparmor.d/' triggers file and > > its postinst would then do the machinery to create (or remove) the > > /etc/apparmor.d/local/* files accordingly. > > This does sound nice, but the next part worries me.. > > > This could also have the side benefit of only running > > apparmor_parser once for all files installed at the same time. > > When would this single apparmor_parser run happen? It needs to happen > before daemons are started or restarted in their postinst scripts, > otherwise the AppArmor policy won't be enforced.
As far as I understand deb-triggers' manpage, this can be enforced using 'activate /etc/apparmor.d/', which will then make the trigger run "at the start of the configure operation", which ensures exactly what you want. Cheers, OdyX
signature.asc
Description: This is a digitally signed message part.
-- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
