Hello, just a short answer since John already answered most questions:
Am Samstag, 25. November 2017, 17:16:07 CET schrieb intrigeri: > Marco d'Itri: ... > 3. Our local override mechanism is Debian-specific > > AFAIK the "#include <local/$profile>" thing is the norm only on > Debian and derivatives. Christian, what do you do at OpenSUSE? openSUSE also includes the local/ files - but since aa-logprof always updates the main profile file, the local/ files are not too useful. (Changing aa-logprof to use the local/ include is on my TODO list, but it's far from being top priority, and probably needs some other changes first.) > > Why is /etc/apparmor.d/cache/ not somewhere else? > > If the reason is to not have a dependency on /var/ being mounted > > I bet this is exactly the reason (we want to load policy ASAP in the > boot process), but I've been involved in this community only since > 2013 so I can't tell for sure. Exactly. openSUSE uses /var/lib/apparmor/cache/ - with the default BTRFS layout, it's part of the root partition. With non-default partitioning and /var/ on a separate partition, this will indeed introduce a dependency on /var/lib/ being mounted. That makes /var/lib/apparmor/cache/ less perfect, but the decision was made against having a binary cache in /etc/. Oh, and the person who argued most against having the cache in /etc/ officially allowed me to blame him if /var/lib/apparmor/cache/ causes issues *eg* Regards, Christian Boltz -- Journal is just for "fun" (well, strange values of "fun") for now and the foreseeable future. [Stefan Seyfried in opensuse-factory]
signature.asc
Description: This is a digitally signed message part.
-- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
