On Wed, Jan 09, 2019 at 11:48:44PM +0100, Mikhail Morfikov wrote:
> @{exec_path} = /usr/bin/keepassxc
> profile keepassxc @{exec_path} {
> }
> # aa-complain usr.bin.keepassxc
> ERROR: Profile for @{exec_path} exists in /etc/apparmor.d/some-app and
> /etc/apparmor.d/some-other-app
> Should this happen? Should I avoid using the code
> snipped to make profiles and use regular paths instead?
I guess you'll have to decide if your abstraction to make it easy to
change the location of binaries saves you enough trouble that it's worth
no longer being able to use the python-based utilities. If you've built
enough infrastructure around your tooling it might be easy to extend it to
do whatever the python-based tooling does and you're missing. If you've
not yet built much infrastructure around your abstraction, this might not
be quite as compelling.
Thanks
signature.asc
Description: PGP signature
-- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
