[Apparmor-dev] Re: Disable profiles with dpkg-old,
dpkg-new extension and linked from disable dir.
Mathias Gug
mathiaz at ubuntu.com
Mon Aug 20 08:26:15 MDT 2007
Hi,
On Sat, Aug 18, 2007 at 01:45:41PM +0200, Christian Boltz wrote:
> Hmm, another idea: what about flags=disabled?
I'm not a big fan of having status flags embedded in the profile file.
You tend to get conflicts when upgrading the package. The rules and the
status of the profile are two different type of information and
shouldn't be kept in the same place.
> BTW: I don't see a real problem with RPM, it recognizes modified
> profiles as changed and doesn't touch them. Instead, it puts the
> profile from the package in a .rpmnew file which doesn't hurt.
If you remove a profile file from /etc/apparmor.d/ (so that it doesn't
get loaded at boot), will an rpm upgrade reinstall the profile ?
--
Mathias
More information about the Apparmor-dev
mailing list