Hi Yves-Alexis & Cameron, first of all, thanks for the feedback. Replies inline below.
Cameron Norman wrote (02 Mar 2015 20:39:39 GMT) : > On Mar 2, 2015 12:28 PM, "Yves-Alexis Perez" <[email protected]> wrote: >> Actually, we already had issues with the AppArmor profile in the past, >> because it was too recent for the current AppArmor utilities. The >> AppArmor profile is provided directly by upstream (which evolves in >> Ubuntu circles), so it might not be perfect for Debian I'm not an >> AppArmor user myself, so I can't really test, but am really interested >> in any comment you might have. > So recent versions of apparmor do not fail to parse rules it does not know > about, as long as the syntax is right. This should ensure the profile > currently and continues to work without issue. Indeed, that's been the case since AppArmor 2.9 reached Debian :) Sorry I didn't ping all maintainers yet to tell them they can revert the changes we had them do earlier in the Jessie cycle. (I've done so for cups a few days ago, but forgot about lightdm.) So, I've had a look at the lightdm 1.12.2-1 source package, and indeed, at least these parts of patches/02_fix-apparmor-profile.patch can now be dropped: - #include <abstractions/dbus-accessibility> [...] - signal peer=@{profile_name}, - ptrace peer=@{profile_name}, - # needed when logging out of the guest session - signal (receive) peer=unconfined, + # this doesn't work with the current Debian apparmor + #signal peer=@{profile_name}, + #ptrace peer=@{profile_name}, + ## needed when logging out of the guest session + #signal (receive) peer=unconfined, > I run lightdm and use apparmor and can test the profile shipped upstream > when i get home. If you're running sid, then you would be the ideal candidate to ensure any future lightdm breakage caused by its AppArmor profile turns on red lights in a timely manner, even if Yves-Alexis doesn't test the packages he uploads with AppArmor enabled :) Cheers, -- intrigeri _______________________________________________ Pkg-xfce-devel mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-xfce-devel
