Hi, Alberto Mardegan (2020-04-02): > On 02/04/20 16:48, intrigeri wrote: >> At Tails we do ship a binary, compiled policy in our live system: >> >> >> https://salsa.debian.org/tails-team/tails/-/blob/master/config/chroot_local-hooks/99-cache-AppArmor-policy >> >> https://salsa.debian.org/tails-team/tails/-/blob/master/config/chroot_local-hooks/01-check-for-outdated-AppArmor-feature-set > > A couple of questions: > > 1) where is apparmor_parser being run? Is it a chroot?
It's run as part of the Tails build. Indeed, it's run in a chroot (which itself is in a vagrant-libvirt VM). > 2) your scripts are checking the features in > /usr/share/apparmor-features; I don't have this directory in this > machine; what is it? That's a Debian thing, I guess you can ignore it. -- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
