Hi, Andreas Beckmann wrote (11 Nov 2014 19:20:37 GMT) : > Selecting previously unselected package openntpd. > Preparing to unpack .../openntpd_20080406p-11_amd64.deb ... > Unpacking openntpd (20080406p-11) ... > dpkg: error processing archive > /var/cache/apt/archives/openntpd_20080406p-11_amd64.deb (--unpack): > trying to overwrite '/etc/apparmor.d/usr.sbin.ntpd', which is also in > package apparmor-profiles-extra 1.4 > Errors were encountered while processing: > /var/cache/apt/archives/openntpd_20080406p-11_amd64.deb
The ntp and openntpd packages both ship /usr/sbin/ntpd, and rightfully conflict with each other. Since we have a 1-to-1 mapping between absolute binary names and AppArmor profile (unless we bother confining stuff via the initscript or systemd unit file, the later not being supported in sid yet), I think the conflict must be reflected in the packages that ship the AppArmor profiles. So I see a few solutions: 1. Have openntpd conflict with apparmor-profiles-extra. This would be sad, since it prevents openntpd users from benefiting from other, unrelated profiles shipped in apparmor-profiles-extra. OTOH this is very easy and can be temporary, until we can e.g. rename the profile shipped by openntpd to e.g. system_openntpd, and apply it with AppArmorProfile= (see systemd.exec(5), that should be possible soon after Jessie 8.1 is out. 2. Remove usr.sbin.ntpd from apparmor-profiles-extra or from openntpd. Same as above, this can be temporary, until systemd v210+ reaches sid and we have nicer solutions. 3. Move the usr.sbin.ntpd profile from apparmor-profiles-extra to ntp. This seems to be the obvious best long-term solution, I think. Thoughts, opinions, volunteers? Dererk: I have added the 'help-needed' usertag for [email protected], so that this bug is on the AppArmor team's radar. Cheers, -- intrigeri -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
