I discussed this issue with Gustavo and we think that apparmor itself should detect this and re-load all profiles when a change to any of the parsers or templates occurs. From snappy's POV we will re-load all profiles for a specific snap each time something in that snap changes *AND* we promise to detect changes to the internal templates built into snappy. We would not like to detect changes to apparmor itself as that can be done by a systemd job shipped with apparmor. That job should simply compile and re-load all the profiles stored in a standard directory (or have a way for snappy to tell apparmor that it stores profiles in a non-standard directory).
What do you think? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1569581 Title: snapd no longer detects apparmor changes on upgrade To manage notifications about this bug go to: https://bugs.launchpad.net/snappy/+bug/1569581/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
