[Apparmor-dev] [rfr] Update to profiles: klogd and ntpd for
ubuntu.
Seth Arnold
seth.arnold at suse.de
Fri Jun 1 18:33:36 MDT 2007
On Fri, Jun 01, 2007 at 06:59:23PM -0400, Mathias Gug wrote:
> > Something that we're going to do in SUSE is split the profiles out of
> > the monolithic apparmor-profiles package, and put them into their
> > respective packages.
> We have the same issue in ubuntu, how to package profiles.
> We thought about 3 possibilities :
> 1. in the application package. This requires to educate package maintainers
> about security policy frameworks.
> 2. in one package policy. The policy maintainer has to track all
> application changes.
> 3. one package policy for each application. This may lead to lots of small
> packages.
>
> For now, we plan to follow 2. We'll see how things will evolve.
Having tried all three, I can tell you that none of them is ideal.
Putting them in the hands of package maintainers (may) be nice, though,
since I am definitely not an expert on all the applications we ship. I
hope the package maintainers will see it more as a way to reduce
bugreports than pushing work onto them.. :)
> Ok. I'll keep sending profiles updates. If this process doesn't scale
> well, we'll sort things out then.
Thanks
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://forge.novell.com/pipermail/apparmor-dev/attachments/20070601/7d1d92be/attachment.pgp
More information about the Apparmor-dev
mailing list