Control: tag -1 + pending Hi John & others,
John Scott (2020-05-06): > An experimental freshclam profile is provided at > /usr/share/apparmor/extra-profiles/usr.bin.freshclam, but clamav-freshclam > provides its own more recent one in enforce mode at /etc/aa.d/ and has been > for a while. Indeed, good catch! FTR, here's the profile shipped in the clamav-freshclam package: https://salsa.debian.org/clamav-team/clamav/-/blob/unstable/debian/usr.bin.freshclam It has been updated a few times in the last few years. And here's the upstream one from the AppArmor project: https://gitlab.com/apparmor/apparmor/-/blob/master/profiles/apparmor/profiles/extras/usr.bin.freshclam It has been updated once in the last 10 years. I would love to see cross-distro collaboration on this profile, but our current infrastructure & processes are not ready for that yet, and I lack time/energy to push this forward myself. So for the time being: > Please remove this one. This makes sense to me: /usr/share/apparmor/extra-profiles/usr.bin.freshclam gives no benefit to Debian users and instead it can cause confusion. The next upload won't include /usr/share/apparmor/extra-profiles/usr.bin.freshclam Cheers!
