Hi,

Fabian Grünbichler:
> I am not sure whether the features file itself would really need to be a
> conf file though, if it is already pointed to by a conf file directive?
> putting the features file itself somewhere into /usr/share would at
> least allow a sane diversion without having to touch the parser.conf as
> an alternative solution to the one described below?
>
> modifications by the admin would still be easy (just point to a modified
> copy of the features file), and modification by downstreams would be a
> lot easier (just divert the features file) than currently..

Right. This looks like a good interim solution to me.
Do you want to try to implement it in the packaging?

> intrigeri:
>> Understood. Ideally parser.conf would be complemented by
>> /etc/apparmor/parser.conf.d/*.conf, which could be sourced at the end
>> of parser.conf somehow. And then we can ship the default parser.conf
>> in /usr. TTBOMK we have no way to source such additional config
>> drop-in snippets though. I suspect upstream would be happy to consider
>> patches that add this feature :)

> yes, that would have been nice. alas, there is no such thing now, and
> getting one in time for the upcoming point release is not really an
> option.. maybe in time for buster?

>> If we had this drop-in snippet support for complementing the default
>> parser.conf, then both your use case and that one would be supported
>> nicely, right?

> yes.

Would you be willing to work on such a feature upstream so downstreams
& derivatives have a cleaner (than diversion) way to address this
problem?

Either way, can you please file a dedicated bug report so we track
this issue elsewhere than on a bug that's going to be closed in
a few days?

Cheers,
-- 
intrigeri

