[Apparmor-general] seperate the abstractions and program-chunks
from the profile package ?
John Johansen
jjohansen at suse.de
Thu Aug 2 10:34:40 MDT 2007
On Thu, Aug 02, 2007 at 03:50:39PM +0200, Dieter Bloms wrote:
> Hi,
>
> does it make sense to seperate the profile package in those with the
> profiles for the programs and one with the abstractions and
> program-chunks content ?
>
splitting out profiles, and making it easier to disable profile you
don't want does make sense and we are moving in that direction.
> I've made some profiles which need some includes from abstractions so I
> have to install the profiles package.
>
> But then there are many profiles installed, which I don't want profiles
> for.
>
> The deps require the installation of the profiles package on sles9, so
> I have to iinstall the profiles, which make some trouble to me like the
> syslog profile with chrooted sockets.
>
> Ok, I can add them, but I want to manage only some files for programms,
> which are reached from net.
>
For sles9 the best I can currently recommend is for applications you don't
want confined move their associated profiles out of /etc/apparmor.d/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://forge.novell.com/pipermail/apparmor-general/attachments/20070802/dbf17418/attachment.pgp
More information about the Apparmor-general
mailing list