Hello, Am Samstag, 9. September 2017, 20:24:40 CEST schrieb intrigeri: > Clément Hermann: > > apparmor profiles should be removed with `apparmor_parser -R > > <profile>` before uninstallation (prerm). > > Agreed, good catch. I'm not sure if we want to do that only when > purging, or on "normal" removal as well. What do you think? > > Ubuntu/OpenSUSE people, what do you think about 1. the general idea of > unloading profiles when de-installing the package that ships them;
TL;DR: I'd strongly recommend *not* to unload profiles when de-installing a package. Both unloading and not unloading a profile can cause trouble, so let me describe both situations: If you don't unload the profile on package uninstall, there's a risk that the profile gets accidently applied to a newly installed binary with the same path. An example might be /usr/sbin/sendmail when replacing sendmail with postfix. (Note that I didn't check if there's a profile for this binary, it's just one of the very few examples I can think of.) An additional condition is that the new package doesn't include an AppArmor profile - otherwise the still-loaded profile would be replaced. So all in all, this can happen, but is very unlikely IMHO. OTOH, if you unload a profile, and a program from this package is still running, unloading the profile means to remove the confinement from the running program. In other words: the still-running program can now do whatever it wants. I prefer to error out on the safe side, therefore I recommend not to unload profiles on package uninstallation. The security risks this prevents clearly outweight the (unlikely) problems with still-loaded profiles. BTW: I assume there isn't a "killall -9" for every binary shipped in the package in prerm, right? ;-) Unloading the profiles wouldn't be too different to that IMHO. > 2. unload on removal vs. on purge? Sorry, EWRONGPACKAGEMANAGER ;-) Regards, Christian Boltz -- Last I checked, developers were still human [Bryen M Yunashko in opensuse-project]
signature.asc
Description: This is a digitally signed message part.