Hi again, On Tue, Dec 26, 2017 at 12:34:28PM +0100, Guido Günther wrote: > > > > Update from 52.4.0 with already disabled AA profile: > > The new version holds the disabled AA profile, I just need to do a 'ln > > -sf' to prevent a exit code 1 if the symlink is already existing. > > Ah, good catch. I'd rather do a > > [ -f /etc/apparmor.d/disable/usr.bin.thunderbird ] || ln -s > /etc/apparmor.d/usr.bin.thunderbird > /etc/apparmor.d/disable/usr.bin.thunderbird > > in this case since the user might have the symlink point somewhere else > for whatever reason. I think we don't want to overwrite that if he made > a deliberate choice.
yes, agreed. Will adopt this. > > Anything I'm still missing? > > Did you test reinstalling 52.5.2 on top of 52.5.2 with removed link. It > shouldn't be recreated in this case (and if it works for this version it > will work for all later versions). Yes, but I forgot to write this down here. Both possible situations worked like wanted, updating 52.5.2-1 to -2 holds the disabled profile in case the user didn't made some changes on the default installation before. The other case is also working, a re-enabled profile stays enabled after the update to -2. I will prepare and do a upload in the next hours. Thanks for fixing and helping on this unpleasant detail! Regards Carsten