On Thu, 13 Mar 2025 18:18:28 +0100 intrigeri <intrig...@debian.org> wrote:
> Hi, > > Stefano Brivio (2025-03-13): > > Actually, if you need something quick, you don't really need a > > complete/real profile for Podman. You can just add to the current stub > > (untested, but I'm fairly confident): > > Thank you for proposing more options! > > Sadly, this ventures too far away from my domain of expertise for me > to take responsibility to include this in the Debian-specific delta of > the AppArmor package, or to propose this change to AppArmor upstream > myself so I can then cherry-pick it into Debian. Podman doesn't maintain an AppArmor profile upstream, by the way, so this would be Debian-only. Well, eventually, it would be good for Debian to... contribute back :) and propose a profile upstream. I'm almost tempted to propose that change for merge downstream after testing it a bit but given the soft freeze in a month, maybe better not. But... Podman (Debian) maintainers, if you're comfortable with it, let me know and I'll submit a merge request. > So at this stage, as far as Debian Trixie is concerned, I'm now > tempted to simply remove the stub podman profile from the apparmor > package: it seems none of us is super comfortable with the workaround > they would have to carry to make it play nicer with pasta. And we > would not be losing much value for our users. If we lose zero value (do we? what's the value of the stub?) then I would go ahead with that, definitely. -- Stefano
