
Am Donnerstag, 29. Juni 2023, 19:05:09 CEST schrieb Jim Fehlig:
> I was going down the same path until I thought of the more brute force
> approach, which I admit to be fond of due to ease of ripping out the
> 2.x stuff when no longer needed. But yeah, two copies of the profiles
> is not nice.

I have quite some experience with [getting rid of] code duplication [1], 
and "not nice" is a very diplomatic description ;-)

> I'll take a closer look at your patches now.

I had a look, and those conditional blocks look much better than 
duplicating the whole directory.

Another thing you might want to add to all profiles and abstractions for 
AppArmor >= 3.0 is
    abi <abi/3.0>,

This will enable enforcing of some newer rule types - which might mean 
that you need to add a few new rules to the profiles.
See the "Feature ABI" section in   man 5 apparmor.d   for details.

(Since this is unrelated to local/, adding the abi lines should probably 
be a separate patch.)


Christian Boltz

[1] unrelated to AppArmor
File Not Found.....Loading something that looks similar

Attachment: signature.asc
Description: This is a digitally signed message part.

Reply via email to