On 10/03/2015 02:40 PM, Christian Boltz wrote:
> Hello,
>
> Am Montag, 21. September 2015 schrieb Simon Deziel:
>> On 09/18/2015 06:09 PM, Seth Arnold wrote:
>>> On Fri, Sep 18, 2015 at 09:54:58PM +0200, Christian Boltz wrote:
>>>> oftc_ftw reported on IRC that Arch Linux has a symlink /bin ->
>>>> /usr/bin. This means we have to update paths for /bin/ in several
>>>> profiles to also allow /usr/bin/
>>>
>>> I think this would be better solved by alias rules, one
>>>
>>> alias /bin -> /usr/bin,
>>
>> I like this idea and I'm wondering why it wasn't used for the
>> transition from /var/run to /run?
>
> Good question. Maybe nobody thought of it, or we thought that setting up
> aliases should be reserved to the user (not to shipped policy).
>
> I can see why an alias would make the profiles easier to read.
> OTOH, it can also be confusing because there's an external file
> "modifying" the profile - so people reading the profile might wonder why
> /bin/... works even if the binary was moved to /usr/bin/...
>
> Therefore my personal opinion is that /{,usr/}/bin/... is the better
> choice, even if it the alternation might make the profile a bit harder
> to read (but still easier than having to look up aliases in another
> file).Good point, it has the advantage to not surprise the sysadmin. That said, for transitions like the /var/run one, how long do we have to carry the alternation syntax for? Are all Apparmor enabled distro fully switched to /run by now? Regards, Simon
signature.asc
Description: OpenPGP digital signature
-- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
