On 07/27/2014 12:47 PM, Christian Boltz wrote: > Hello, > > I discussed a bit with intrigeri about a profile repo for cross-distribution > usage and profile sharing. Here's the log - feedback welcome ;-) > > > [19:04:10] <cboltz> BTW: we should find a solution for managing > distro-specific profiles > [19:04:18] <cboltz> and, more important, sharing them between distros ;-) > [19:07:02] <intrigeri> yep. I still have an unfinished draft reply on the > relevant thread > [19:07:10] <intrigeri> ... with low-hanging fruits action items. > [19:08:47] <cboltz> just as a quick idea: http://paste.opensuse.org/96760488 > > + apparmor-profiles > |-- debian > | |-- Wheezy > | '-- Jessie > |-- openSUSE > | |-- 12.3 > | '-- 13.1 > '-- Ubuntu > |-- Trusty_Tahr > '-- Utopic_Unicorn >
This is the intent for apparmor-profiles, but so far only Ubuntu has put profiles there. I think it would be great to have other distro profiles in there. You've probably seen this, but in case you haven't: http://wiki.apparmor.net/index.php/Profiles Now, the way Ubuntu handles profiles is that we ship production distro-profiles in the packages themselves and the apparmor-profiles repository is a place for in progress profiles or profiles that for some reason don't fit with the distro. We ship the profiles in the packages themselves so that package maintainers (ie, the people who know the software being confined best) are able to update the profiles and also to avoid a central profiles package that is gated on a handful of developers (or fewer). As such, the apparmor-profiles bzr repo doesn't have the profiles that Ubuntu actually ships (but we do leave the profile file in place with a note on where to find the official profile (see ubuntu/14.10/usr.bin.evince as an example). -- Jamie Strandboge http://www.ubuntu.com/
signature.asc
Description: OpenPGP digital signature
-- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
