Control: retitle -1 Improve support for rootfs-on-overlayfs systems Control: severity -1 wishlist Control: tag -1 + upstream
Hi, Sorry for the delay! Stefan Baur (2020-06-16): > So if it's hard to get apparmor and overlayfs to play along nicely, > maybe the check shouldn't be for a Debian Live environment but more > generally for an environment that has its root file system mounted via > overlayfs? To avoid breaking existing installs of that kind, it should > probably print a warning to syslog instead of disabling apparmor completely. > [...] > On apparmor install/startup, check for an overlay mount, and if it is > present, warn the user that they may need to change/add paths in their > apparmor profiles? For the record, I don't plan to work on this myself. The general problem at hand is not specific to Debian, so I encourage folks who would like to work on this to discuss it on the upstream AppArmor mailing list: who knows, perhaps another distro has a solution already :) Cheers!