Ticket #942 (new enhancement)

Opened 10 years ago

Last modified 7 years ago

Monolithic apparmor-config is stupid

Reported by: jdreed Owned by:
Priority: normal Milestone: The Distant Future
Component: -- Keywords:
Cc: Fixed in version:
Upstream bug:


See #737 for context.

Change History

comment:1 Changed 10 years ago by jdreed

This is not as simple as just breaking it back out into individual packages:

   debathena / trac-#737.d / geofft  17:49  (Attention all pilots... One lives o
       Ideally whenever cupsys and debathena-kerberos-config are installed, we  
       want to require that debathena-cupsys-apparmor is installed              
       (regardless of cupsys-config). I don't think you can express this        
   debathena / trac-#737.d / geofft  17:51  (Attention all pilots... One lives o
       Possibly the right answer is that kerberos-config does something to      
       watch on every package install for new apparmor files (from some         
       list? ever?) that reference krb5.conf, and if they exist, go             
       dpkg-divert them.                                                        
   debathena / trac-#737.d / geofft  17:51  (Attention all pilots... One lives o
       But it means that the .debathena file won't be packaged. Which might     
       be fine.                                                                

comment:2 Changed 7 years ago by geofft

Here's another thought: Modify (transform, presumably) the apparmor initscript to copy all the profiles to a temporary directory, run dpkg-divert --list, sed the temporary copy of the profiles as appropriate, and then load the result of that.

This involves no additional diversions or packaging trickery, and now apparmor-config is generic and the source package doesn't know anything about any Debathena packages or what we divert. (We might even be able to talk upstream into taking this approach.)

Note: See TracTickets for help on using tickets.