So it turns out we are going to need to support policy versioning (Christian can gloat now). The question because how we support it
We are looking at 2 different options 1. we support a version tag in files, with the tag required to be on each file including any include. When the parser detects mixed versioning does it - gracefully convert between v2 and v3 policy - just fail 2. we move to a new versioned directory /etc/apparmor3.d/ or something of the sort with everything in /etc/apparmor.d/ remaining in v2 policy (format and semantics) In this case what if a profile exists in both directories - fail - default to v3 on new kernels - default to v2 on older kernels? -- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
