[prev in list] [next in list] [prev in thread] [next in thread] 

List:       apparmor-dev
Subject:    [apparmor] handling disable and complain (was: Re: [patch] mkdir
From:       Christian Boltz <apparmor () cboltz ! de>
Date:       2011-10-19 22:31:45
Message-ID: 4425700.HDNrggvrMF () tux ! boltz ! de ! vu
[Download RAW message or body]

Hello,

Am Mittwoch, 19. Oktober 2011 schrieb John Johansen:
> Now for the rant.
> =

> I absolutely detest this mechanism for disable and complain (yes I
> know why it was done), and would prefer we revisit this again for the
> future =


The method with symlinks in /etc/apparmor.d/disable has some advantages:
- no need to edit the profiles
- profiles don't magically come back (which could happen if you delete a =

  profile and then install a new apparmor-profiles package)
- enabling or disabling a profile is easy (just create/delete a symlink)

I'm open for your proposal of a better mechanism - ideally it has all =

the advantages I listed above and fixes all the things you don't like =

;-)

> (I know a collective scream of no). </rant>

;-))


Regards,

Christian Boltz
-- =

Bist du Rechtsanwalt oder soll ich das pers=F6nlich nehmen?
[Marius Brehler in suse-talk]


-- =

AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinf=
o/apparmor

[prev in list] [next in list] [prev in thread] [next in thread]