Control: tag -1 + moreinfo Hi,
Christian Boltz (2021-01-07): > I'd argue that this is a problem that is already solved ;-) > > Starting with AppArmor 3.0, all[1] upstream abstractions come with a > rule like (example taken from abstractions/base): > > include if exists <abstractions/base.d> > > so if you create that directory and place a file there, it will be > included by the abstraction. > [...] > For abstractions shipped by individual package (like libvirt), it would > also make sense to add an include if exists <abstractions/$whatever.d> > rule to make it easy to add something to an abstraction. I like what Christian Boltz is proposing (thanks!): as far as I understand, it can happen in libvirt upstream, will benefit even non-Debian distros, and does not require modifying dh-apparmor. Christian Ehrhardt, how does it sound? Any reason why the approach you initially suggested on this bug report is better? Cheers!
