On Thu, Dec 07, 2017 at 10:45:11AM +0100, intrigeri wrote: > Fabian Grünbichler: > > sounds like a plan, I'll re-spin my patch later today. > > :) >
see attached, tested on Sid with various modification scenarios. I think the messages printed by apt are enough, and there should be no need for a NEWS entry. should this ever find its way into a s-p-u, the rm_conffile should of course be dropped.
>From 293361154926088aecacc3992558848f2d8ae97c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabian=20Gr=C3=BCnbichler?= <f.gruenbich...@proxmox.com> Date: Thu, 7 Dec 2017 12:53:13 +0100 Subject: [PATCH] Move features file to /usr/share/apparmor-features (Closes: #883682) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit and remove the old (now obsolete) conffile '/etc/apparmor/features'. The reference to the features file in /etc/apparmor/parser.conf is already part of a conffile, so an admin can easily override the feature pinning there. Making the features file a regular file allows easier overriding of pinned features via third-party packages (e.g., in downstreams or derivatives). Signed-off-by: Fabian Grünbichler <f.gruenbich...@proxmox.com> --- debian/patches/pin-feature-set.patch | 2 +- debian/apparmor.install | 2 +- debian/apparmor.maintscript | 1 + 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/debian/patches/pin-feature-set.patch b/debian/patches/pin-feature-set.patch index 6565fe23..4fa430a5 100644 --- a/debian/patches/pin-feature-set.patch +++ b/debian/patches/pin-feature-set.patch @@ -15,4 +15,4 @@ Author: intrigeri <intrig...@debian.org> + +## Pin feature set (avoid regressions when policy is lagging behind +## the kernel) -+features-file=/etc/apparmor/features ++features-file=/usr/share/apparmor-features/features diff --git a/debian/apparmor.install b/debian/apparmor.install index b3a14571..d671d349 100644 --- a/debian/apparmor.install +++ b/debian/apparmor.install @@ -1,5 +1,5 @@ debian/apport/source_apparmor.py /usr/share/apport/package-hooks/ -debian/features /etc/apparmor/ +debian/features /usr/share/apparmor-features/ debian/lib/apparmor/functions /lib/apparmor/ debian/lib/apparmor/profile-load /lib/apparmor/ etc/apparmor/parser.conf diff --git a/debian/apparmor.maintscript b/debian/apparmor.maintscript index da4417bf..7440c067 100644 --- a/debian/apparmor.maintscript +++ b/debian/apparmor.maintscript @@ -2,3 +2,4 @@ rm_conffile /etc/apparmor/functions 2.5.1-0ubuntu4 rm_conffile /etc/apparmor/rc.apparmor.functions 2.5.1-0ubuntu4 rm_conffile /etc/apparmor.d/abstractions/ubuntu-sdk-base 2.8.0-0ubuntu20~ rm_conffile /etc/init/apparmor.conf 2.11.0-11~ +rm_conffile /etc/apparmor/features 2.11.1-4~ -- 2.14.2
