On Thu, 07 Dec 2017 10:08:54 +0100 intrigeri <intrig...@debian.org> wrote:
[...]
>
> I think we should:
>
>  - move the features file to a non-conffile location ASAP: not only it
>    makes little sense for it to be a conffile, but if I manage to get
>    a pinned feature set in Stretch at some point you'll want this in
>    order to divert the features file; I am finalizing a new upload
>    to sid as we speak, but I can wait a bit for you to finish your
>    patch so I can include it. Ideally I would like to upload today,
>    worst case tomorrow, to fix #883703 ASAP.
>
Again, I'm not really up to date with AppArmor, but the features file seems to be part of the policy: if a policy creator wants to modify the policy, he might need to modify this file as well, and the same goes if a user is building his own kernel. I'm not sure why it was necessary to move it to a /usr/share location. There seems to be no override mechanism here, which means that if anybody has modified the features file, now that you move that file to /usr, the changes will be completely ignored (leading to possible boot failures).
The complete policy is already in /etc (that's something that I dislike about AppArmor) anyway.
my 2¢