Control: reassign -1 apparmor Hi,
Stefano Brivio (2025-03-14): > On Thu, 13 Mar 2025 18:18:28 +0100 > intrigeri <intrig...@debian.org> wrote: >> So at this stage, as far as Debian Trixie is concerned, I'm now >> tempted to simply remove the stub podman profile from the apparmor >> package: it seems none of us is super comfortable with the workaround >> they would have to carry to make it play nicer with pasta. And we >> would not be losing much value for our users. > > If we lose zero value (do we? what's the value of the stub?) then I > would go ahead with that, definitely. The main value of the stub is as a stepping stone for finer-grained confinement, such as what we're discussing on this thread. I think it's great to take advantage of it eventually but perhaps not at this time in the dev cycle as far as Debian is concerned, so I'll go ahead and remove the stub podman profile for now. Happy to bring it back once other components such as passt are ready to take advantage of it, even happier if a proper profile is created and maintained instead of the stub :) Cheers, -- intrigeri
