Hi (again!), Jamie Strandboge wrote (20 Aug 2014 21:43:59 GMT) : > * When shipping in a package, ideally the package should support both > complain > and enforce mode for individual profiles so that installing it may enable > enforcing policy (this isn't a collaboration concern, just a packaging one)
I'm not sure I understand what you mean here. May you please point me to an example of what you find to be the best practice in this area? > * shipping all policy in one package means more is loaded and compiled than > is > strictly needed for the system Sure. As long as we're only shipping a handful of profiles in that policy package, this should not be a big deal, though. > * a collaboration option is to ship profile in the package, but file bugs > against the source packages that are being confined (ideally with debdiffs > to > make it easy for the Debian developer to take it ;). This is a bit of best > of > both worlds-- the policy can still be developed by the policy team, but we > give the developer the option to take over Yes, I think we should do that, even if my previous similar attempts were not exactly successful. todo++, again :) Cheers, -- intrigeri -- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
