Hi, Guido Günther: > On Fri, Sep 29, 2017 at 04:09:02PM -0400, Daniel Richard G. wrote: >> #include <abstractions/ubuntu-browsers.d/chromium-browser>
> This file is currently not included in Debian's apparmor > package. @intrigeri, can this be added? Before r1608 (in Vcs-Bzr) we shipped that file in /usr/share/apparmor-profiles/abstractions/ubuntu-browsers.d/ I don't see any Include directive for that path in /etc/apparmor/parser.conf, so I doubt it was actually used. > I assume we don't want other packages to mess around > in abstractions? I think it's fine: any package can ship the abstractions it needs (and quite a few do), as long as side-effects are considered carefully. In the case at hand, it seems that /etc/apparmor.d/abstractions/ubuntu-browsers.d is a place from which profiles can include selected bits they need, rather than a directory that will get included all at once, so there's no side effect and we should be good (checked with codesearch.d.net that supports my guess :) Cheers, -- intrigeri
