apparmor should provide debian policy compliant way to toggle complain mode
Bug #203137 reported by
Jamie Strandboge
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| apparmor (Ubuntu) |
Fix Released
|
Medium
|
Jamie Strandboge | ||
Bug Description
Binary package hint: apparmor
Currently apparmor profiles cannot be supported as a conffile because there is not a debian policy compliant way to toggle complain mode. This would be useful for upgrading a package that didn't ship a profile to one that shipped one in enforcing mode. Eg, dapper user has bind9 installed with custom file locations and upgrades to hardy. Hardy's bind9 ships with an enforcing profile, which breaks bind9 when the user upgrades to hardy.
Related branches
| Changed in apparmor: | |
| assignee: | nobody → jamie-strandboge |
| importance: | Undecided → Medium |
| status: | New → Triaged |
| Changed in apparmor: | |
| status: | Triaged → In Progress |
Revision history for this message
| Launchpad Janitor (janitor) wrote | #1 |
| Changed in apparmor: | |
| status: | In Progress → Fix Released |
To post a comment you must log in.
This bug was fixed in the package apparmor - 2.1+1075-0ubuntu6
---------------
apparmor (2.1+1075-0ubuntu6) hardy; urgency=low
[ Kees Cook ]
* utils/SubDomain.pm:
- fix up mask parsing to match kernel version (LP: #202920).
- fix up syslog parsing regexp to match broken kernels (LP: #202888).
* profiles/
* profiles/
* profiles/
* profiles/
(LP: #202991).
[ Jamie Strandboge ]
* add Debian Policy compliant way to toggle complain mode (LP: #203137)
- parser/
force-
- utils/enforce: remove symlink in force-complain/
- debian/rules: create /etc/apparmor.
-- Kees Cook <email address hidden> Mon, 17 Mar 2008 10:28:23 -0700