Bug#1106045: libreoffice-common: Apparmor files do no include local override files

To: Laurent Bigonville <bigon@debian.org>, 1106045@bugs.debian.org
Cc: pkg-apparmor-team@lists.alioth.debian.org
Subject: Bug#1106045: libreoffice-common: Apparmor files do no include local override files
From: Rene Engelhard <rene@debian.org>
Date: Mon, 19 May 2025 18:58:05 +0200
Message-id: <[🔎] 5f55a4b4-cfa8-454f-8dc6-96a05227633d@debian.org>
Reply-to: Rene Engelhard <rene@debian.org>, 1106045@bugs.debian.org
In-reply-to: <[🔎] 37ad3393-2bd1-4cd8-9a46-41cfb79a8c01@debian.org>
References: <[🔎] 174764439721.28299.17907987763193070697.reportbug@eriador.bigon.be> <[🔎] EA1DBF7C-24FF-42B8-BD7E-87FF876888CA@rene-engelhard.de> <[🔎] 9e48bcd4-2a10-4bcc-8328-f07ed567dabe@debian.org> <[🔎] 52121EA1-6492-450C-A4DE-3290986342E5@rene-engelhard.de> <[🔎] 174764439721.28299.17907987763193070697.reportbug@eriador.bigon.be> <[🔎] 37ad3393-2bd1-4cd8-9a46-41cfb79a8c01@debian.org> <[🔎] 174764439721.28299.17907987763193070697.reportbug@eriador.bigon.be>

Hi,

Am 19.05.25 um 14:19 schrieb Laurent Bigonville:

Le 19/05/25 à 14:15, René Engelhard a écrit :


Hi,

Am 19. Mai 2025 14:05:51 MESZ schrieb Laurent Bigonville <bigon@debian.org>:

Most are in complain mode anyways thus not blocking stuff.

Even in complain mode, apparmor still logs stuff in the audit logs (and triggers notification when apparmor-notify is installed), so I'm pretty sure there is a non-null number of people who wants to customize the policy

Those are conffiles...

Though if course if you adapt them you need to merge eventual future changes, which complicates stuff...

Yeah I know, that's why the other files have that #include to avoid a merge hell


Yeah... Just looked:

rene@frodo:/etc/apparmor.d$ ls -l | wc -l
125
rene@frodo:/etc/apparmor.d$ grep include.*local\/ * | cut -d: -f1 | sort | uniq | wc -l
grep: abi: Ist ein Verzeichnis
grep: abstractions: Ist ein Verzeichnis
grep: disable: Ist ein Verzeichnis
grep: force-complain: Ist ein Verzeichnis
grep: libvirt: Ist ein Verzeichnis
grep: local: Ist ein Verzeichnis
grep: lxc: Ist ein Verzeichnis
grep: samba: Ist ein Verzeichnis
grep: tunables: Ist ein Verzeichnis
108
rene@frodo:/etc/apparmor.d$

Indeed, most (on my system) have it.

Regards,

Rene

Reply to:

References:
- Bug#1106045: libreoffice-common: Apparmor files do no include local override files
  - From: Laurent Bigonville <bigon@debian.org>
- Bug#1106045: libreoffice-common: Apparmor files do no include local override files
  - From: René Engelhard <rene@rene-engelhard.de>
- Bug#1106045: libreoffice-common: Apparmor files do no include local override files
  - From: Laurent Bigonville <bigon@debian.org>
- Bug#1106045: libreoffice-common: Apparmor files do no include local override files
  - From: René Engelhard <rene@rene-engelhard.de>
- Bug#1106045: libreoffice-common: Apparmor files do no include local override files
  - From: Laurent Bigonville <bigon@debian.org>

Prev by Date: Re: libreoffice-common: Lot of apparmor denials generated regarding thunderbird and document signature
Next by Date: Processed: Bug#1106045 marked as pending in libreoffice
Previous by thread: Bug#1106045: libreoffice-common: Apparmor files do no include local override files
Next by thread: Processed: Bug#1106045 marked as pending in libreoffice
Index(es):
- Date
- Thread