Code review comment for lp:~snappy-dev/click/default-apparmor

Revision history for this message
Jamie Strandboge (jdstrand) wrote :

On 12/03/2014 06:41 PM, Barry Warsaw wrote:
>> Without testing the code, this looks reasonable. I can say that the hardcoding
>> of the policy_version is something we won't want long term. We'll need to have
>> click-apparmor expose that some how so it can be consumed by click.
>
> Will the rest of the file contents potentially change, or just the policy_version?
> If it's just the latter and we can determine the version at build-time, we can
> easily substitute that in. Actually, if the entire file contents is available
> somewhere we can pretty easily read that in at build time.

Well,the contents of the file are up to us-- we can define the defaults. Dealing
with the policy_version requires further thought and discussion since it has
been changing based on the Ubuntu release (eg, 1.2 is 14.10, 1.1 14.04). That is
just convention though-- there is no reason why it has to be that way, but it
will definitely change if we want to remove policy groups or templates, or if
new policy groups and templates need to use new apparmor syntax.

--
Jamie Strandboge | http://www.ubuntu.com

« Back to merge proposal