On Sat 18 Sep 2021 at 08:43:50 (-0400), Greg Wooledge wrote:
> On Sat, Sep 18, 2021 at 12:54:36PM +0200, Roger Price wrote:
> > In site.local I found
> >
> > # The following is a space-separated list of where additional user home
> > # directories are stored, each must have a trailing '/'. Directories added
> > # here are appended to @{HOMEDIRS}. See tunables/home for details. Eg:
> > #@{HOMEDIRS}+=/srv/nfs/home/ /mnt/home/
> >
> > where curiously, the apparmor installation seems to have detected my
> > non-common /home and made the necessary addition, but appended to a
> > commented out example.
>
> It wasn't "detected". That's the generic site.local file that everyone
> has. The commented-out line is provided as an example.
>
> What you're supposed to do is either:
>
> (a) Uncomment that last line, and edit it.
>
> (b) Copy that last line, uncomment the copy, and edit the copy.
>
> I prefer (b) myself.

Yes, it's pretty obvious what's going on if you actually do "See
tunables/home for details", because that has the = definition that
the += is appending to.

<nitpick>
But — the last line of that comment above is actually inconsistent
with how comments are written in /etc/apparmor* files. It should have
a space after the #. #include lines are the only ones that don't.

The other files that look wrong are /etc/apparmor.d/tunables/*.d/*
and /etc/apparmor.d/tunables{kernelvars,sys}.
</nitpick>

Cheers,
David.
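
The following is an added example, not part of the thread and not AppArmor's own tooling: a small check that separates the commented-out example line in site.local from any active `@{HOMEDIRS}+=` line and flags entries without the trailing '/' the stock comment requires. The sample paths `/srv/home` and `/export/home/` are constructed, and the parser is a simplification that handles only unquoted, space-separated values.

```python
import re

# Constructed sample: the stock comment block quoted in the thread, followed by
# option (b), an uncommented and edited copy. The paths on the last line are
# made up for illustration; the first one deliberately lacks the trailing '/'.
SAMPLE_SITE_LOCAL = """\
# The following is a space-separated list of where additional user home
# directories are stored, each must have a trailing '/'. Directories added
# here are appended to @{HOMEDIRS}. See tunables/home for details. Eg:
#@{HOMEDIRS}+=/srv/nfs/home/ /mnt/home/
@{HOMEDIRS}+=/srv/home /export/home/
"""

# An active append to the variable defined with '=' in tunables/home.
ASSIGN = re.compile(r"^\s*@\{HOMEDIRS\}\s*\+=\s*(.*)$")
# The same statement behind a '#': an example only, it has no effect.
COMMENTED = re.compile(r"^\s*#\s*@\{HOMEDIRS\}\s*\+=")


def check_homedirs(text):
    """Return (active_dirs, commented_line_numbers, problems) for a site.local body."""
    active, commented, problems = [], [], []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if COMMENTED.match(line):
            commented.append(lineno)
            continue
        m = ASSIGN.match(line)
        if not m:
            continue
        for d in m.group(1).split():
            active.append(d)
            if not d.startswith("/"):
                problems.append((lineno, d, "not an absolute path"))
            elif not d.endswith("/"):
                problems.append((lineno, d, "missing trailing '/'"))
    return active, commented, problems


if __name__ == "__main__":
    active, commented, problems = check_homedirs(SAMPLE_SITE_LOCAL)
    print("active additions:", active or "none")
    print("commented-out example lines:", commented)
    for lineno, d, why in problems:
        print(f"line {lineno}: {d}: {why}")
```
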