Hello, Am Samstag, 29. August 2015 schrieb intrigeri: > Nicolas Braud-Santoni wrote (21 Aug 2015 15:24:44 GMT) :
> * Was this tested on current sid with systemd as pid 1? (that's > a must) > * Was this tested on Ubuntu? (nice to have, not a must) The profile works on openSUSE, so I'd guess it should work everywhere ;-) Note that haveged.service has DefaultDependencies=No (at least on openSUSE), so you might need to add After=apparmor.service to ensure the profile gets loaded first. > > +/usr/sbin/haveged { > > + #include <abstractions/base> > > + #include <local/usr.sbin.haveged> > > Please move the "local" line to the end of the profile, for > consistency with how all other profiles do it Good idea, even if it's only cosmetics. > (also, I suspect this > allows overriding some default settings). The ordering of rules is not relevant. The only thing that overrides everything are "deny" rules. > Otherwise, sounds great! I don't remember if you've already sent this > to the AppArmor upstream mailing-list for review. Did you? Yes, please do that ;-) Regards, Christian Boltz -- > Ansonsten: Ich sage nur "Diwasserstoffmonoxid". Ja, ein äußerst schädliches Zeugs, vor allem wenn es in guten Malt gerät. [A. Schreiber und R. Döblitz]