From: paper42 <paper42@users.noreply.github.com>
To: ml@inbox.vuxu.org
Subject: Re: apparmor: move rules to a separate package
Date: Mon, 17 May 2021 15:47:20 +0200 [thread overview]
Message-ID: <20210517134720.eZ2flmspgx2Ph3kVE_ZanZx-7tKEc1qaAFRXOTwJR6k@z> (raw)
In-Reply-To: <gh-mailinglist-notifications-41a7ca26-5023-4802-975b-f1789d68868e-void-packages-30946@inbox.vuxu.org>
[-- Attachment #1: Type: text/plain, Size: 1552 bytes --]
New comment by paper42 on void-packages repository
https://github.com/void-linux/void-packages/pull/30946#issuecomment-842338740
Comment:
> Not sure if there is any value in renaming the file in upstream rules, they are most likely also either hard code the specific path in the profile or allow patterns.
> Would also break existing `/etc/apparmor.d/local` configuration.
There is not, other than convenience, I will revert this change.
> I'm not sure yet if I prefer a package with our profiles or just shipping the profiles we wrote with the package they are for.
> If we plan to ship one big package then I think it would be better to create a new separate repository instead of maintaining then inside of void-packages.
I am interested in a better solution like what was mentioned in the void-infrastructure issue. I think a separate repository might be a bit better idea, because we might want to modify or create new abstractions. Tracking compatible versions could be done with a simple comment with the version (similar to [krathalan's apparmor profiles for Arch](https://git.sr.ht/~krathalan/apparmor-profiles/tree/master/item/profiles/bluetoothd) and some kind of a warning/notification/lint/CI which would warn when a PR or a commit for a new version is made. There should also be a distinction between well tested profiles and ones that are a bit buggy or not tested enough (which would be a bit ugly with the profiles in packages). This will not be trivial, but I can offer my help when the void maintainers decide on this.
next prev parent reply other threads:[~2021-05-17 13:47 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-05-17 9:41 [PR PATCH] " paper42
2021-05-17 9:58 ` [PR PATCH] [Updated] " paper42
2021-05-17 10:06 ` paper42
2021-05-17 10:07 ` paper42
2021-05-17 12:30 ` Duncaen
2021-05-17 12:32 ` [PR REVIEW] " Duncaen
2021-05-17 12:43 ` ericonr
2021-05-17 13:24 ` [PR REVIEW] " paper42
2021-05-17 13:47 ` paper42 [this message]
2021-05-17 13:55 ` noarchwastaken
2021-05-17 13:57 ` [PR PATCH] [Updated] " paper42
2021-05-17 14:04 ` noarchwastaken
2021-05-17 14:04 ` noarchwastaken
2021-05-17 14:04 ` noarchwastaken
2021-05-23 19:01 ` noarchwastaken
2021-05-23 19:05 ` noarchwastaken
2021-07-05 21:09 ` [PR PATCH] [Closed]: " paper42
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210517134720.eZ2flmspgx2Ph3kVE_ZanZx-7tKEc1qaAFRXOTwJR6k@z \
--to=paper42@users.noreply.github.com \
--cc=ml@inbox.vuxu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).