On Tue, 26 Feb 2019 at 09:06, intrigeri <intrig...@debian.org> wrote:
>
> Hi,
>
> Christian Boltz:
> > I'm not sure if I like your samba/... path - it's not bad on itself,
> > but it opens a can of worms.
>
> … and it's actually an even deeper can of worms: arguably /etc is not
> the right place to store auto-generated files that the local
> administrator should not touch. They should be in /var. But from
> a Debian perspective, it's way too late in the Buster dev cycle to
> tackle this related problem.
>
> > Let's assume for a moment that more
> > programs auto-generate profile snippets. Do we really want to have one
> > directory for each of them (always holding a single file)? I'm afraid
> > that might produce an interesting forest in /etc/apparmor.d/...
>
> On my system I currently have 43 regular files (profiles) at the top
> level under /etc/apparmor.d/, 5 standard directories created by the
> apparmor package, and a couple program-specific directories (libvirt,
> lxc). It's not obvious to me what's the problem with creating a few
> more directories in there. Can you please explain? :)
>
> > Counter-proposal: What about /etc/apparmor.d/autogenerated/$whatever ?
> > That directory could be used by multiple programs.
>
> If there's a good reason why creating per-program directories
> (= namespaces) directly under /etc/apparmor.d/ and why /var is not an
> option, fine. But then the proverbial $someone needs to migrate
> libvirt there, otherwise we're just creating a N+1'th standard¹ and
> making things more inconsistent than they already are.
>
> Wrt. Debian and Buster: this path is mostly an internal implementation
> detail and it seems easy to change it later. Since there's no clear
> consensus at this point, I would not block on this conversation and
> I recommend uploading src:samba using the path I've already added
> support for. Then we can have this conversation in a relaxed manner
> instead of under a super-tight schedule, aiming at finding a great
> solution for Bullseye (Debian 11), ideally under /var.
OK. Will do like this.

Regards
--
Mathieu