On Wed, Nov 30, 2016 at 04:03:30PM -0800, John Johansen wrote:
> On 11/30/2016 03:21 PM, Seth Arnold wrote:
> > On Wed, Nov 30, 2016 at 03:11:53PM -0800, Steve Beattie wrote:
> >>> owner /{,var/}run/user/*/weston-shared-* rw,
> >
> >> Can we kill the first rule? Or at least only have the /var/ path, since
> >> the non-var path is covered by the last rule?
> >
> > I like the "only the /var/ path" option; that's what I went with.
> >
> > (I suspect we're just about to the point that we could remove all
> > the /var/run/ paths and alternations from our trunk profiles, but I'd
> > really hate to find out that I'm wrong by breaking a user's system on
> > an upgrade.)
> >
>
> which begs the question why didn't we use a variable or an alias rule.

https://lists.ubuntu.com/archives/apparmor/2011-July/001236.html and
https://lists.ubuntu.com/archives/apparmor/2011-July/001237.html were
the comments about this originally. Full thread is at
https://lists.ubuntu.com/archives/apparmor/2011-July/thread.html#1230

> The variable is a bit ugly but easy to tweak and obvious.
>
> The alias is convenient and will work for this straight substitution
> but is totally non-obvious/visible to the user. However if we are
> at the point where removing /var/run/ is viable for most users, then
> getting rid of /var/run alternations completely is the way to go.
> And for users who really need it we can add a commented-out alias
> rule in abstractions/base and tell users to uncomment that

It's probably been long enough to consider doing this.

-- 
Steve Beattie
<[email protected]>
http://NxNW.org/~steve/
