On 7/04/23 at 20:19, Francois Marier wrote:
> On 2023-04-07 at 07:23:07, Laurent Bigonville (bi...@debian.org) wrote:
>> It seems that you install the apparmor profile in the path for systemd system
>> service
>>
>> The following change should be reverted:
>>
>> https://salsa.debian.org/debian/fwknop/-/commit/d3a5aaef39fedc1bb94e26921afbf63f79b31af7
>
> Hm, that does look like a mistake. I don't remember what might have caused
> me to make that change.
>
> I guess the apparmor profile hasn't been in use for a while then. It seems
> like it's too late in the release process to re-add it in bookworm.
>
> Here's what I'm thinking of doing:
>
> - move it to /usr/share/apparmor/extra-profiles/ (so it's not turned on by
>   default) for bookworm
> - move it back to /etc/apparmor.d/ after bookworm
>
> Alternatively, I could also not change anything for bookworm since it's not
> enabled as an AppArmor profile and it will be ignored as a systemd unit
> file.
>
> What do you think?

Sorry for the late answer.

I see that you moved the file to /usr/share/apparmor/extra-profiles/;
for now it's OK I guess, it might indeed be too late to enable the
profile so late in the development cycle.

Another option for bookworm+1 is to move the file back to
/etc/apparmor.d/ AND merge the profile back into the main package so it's
installed alongside the daemon and kill fwknop-apparmor-profile (that
package only ships one file AFAICS).

An AppArmor profile can be put in complain/non-enforcing mode if the user
really wants to.