Hi,

Christian Boltz:
> I'm not sure if I like your samba/... path - it's not bad on itself,
> but it opens a can of worms.

… and it's actually an even deeper can of worms: arguably /etc is not the right place to store auto-generated files that the local administrator should not touch. They should be in /var. But from a Debian perspective, it's way too late in the Buster dev cycle to tackle this related problem.

> Let's assume for a moment that more
> programs auto-generate profile snippets. Do we really want to have one
> directory for each of them (always holding a single file)? I'm afraid
> that might produce an interesting forest in /etc/apparmor.d/...

On my system I currently have 43 regular files (profiles) at the top level under /etc/apparmor.d/, 5 standard directories created by the apparmor package, and a couple program-specific directories (libvirt, lxc). It's not obvious to me what's the problem with creating a few more directories in there. Can you please explain? :)

> Counter-proposal: What about /etc/apparmor.d/autogenerated/$whatever ?
> That directory could be used by multiple programs.

If there's a good reason why creating per-program directories (= namespaces) directly under /etc/apparmor.d/ and why /var is not an option, fine. But then the proverbial $someone needs to migrate libvirt there, otherwise we're just creating a N+1'th standard¹ and making things more inconsistent than they already are.

Wrt. Debian and Buster: this path is mostly an internal implementation detail and it seems easy to change it later. Since there's no clear consensus at this point, I would not block on this conversation and I recommend uploading src:samba using the path I've already added support for. Then we can have this conversation in a relaxed manner instead of under a super-tight schedule, aiming at finding a great solution for Bullseye (Debian 11), ideally under /var.

[1] https://xkcd.com/927/

Cheers,
--
intrigeri

