Comment # 17
on bug 881762
from Christian Boltz
(In reply to Tony Pattison from comment #16)
> Hi Christian,
> I fully accept your comments.
>
> To further the troubleshooting I have tried other archived OpenSUSE versions:
Wow, thanks!
> v12.1
> The clients are now called by their modern names (ie. no mention of Novel)
> and also work.
>
> v12.2
> This is where the clients stoip working (ie. when it re-writes the file in
> misses out the #include <tunabvles/global> line.
I downloaded the perl-apparmor and yast2-apparmor packages for 12.1 and 12.2,
unpacked them and checked the diff, which isn't too big.
The YaST changes are mostly text changes in help texts and error messages
(unless I overlooked something - I don't speak YCP).
The perl-apparmor changes are more code-related, but unfortunately I don't see
an obvious change that could cause the breakage with #include <tunables/global>
:-(
I also had a look at the full perl code (well, by searching for #include etc.)
and now understand why upstream doesn't want to maintain it anymore ;-)
(I also have to admit that I didn't read or write perl for quite a while.)
> One final thing before allowing this to rest;
>
> I note that in the old "NovelApparmor" days, there was no directory called
> "/etc/apparmor.d/local/" which is, I assume, why the present yast2-apparmor
> does not allow you to select this directory when adding a new entry. The
> offending line appears to be in
> "/usr/share/YaST2/include/apparmor/profile_dialog.rb" line number 1308 -
>
> validIncludes = [
> "/etc/apparmor.d/abstractions",
> "/etc/apparmor.d/program-chunks",
> "/etc/apparmor.d/tunables"
>
> Which I suspect it already on your (long) todo list.
Well, the question is if you want/need to add that if you edit a profile
manually. local/* is meant as "plugin" directory for upstream profiles so that
you can avoid editing the "official" profile (there's a TODO for the aa-* tools
to also work that way...). So if you already edit a profile, it doesn't make
too much sense to add an #include <local/...> IMHO.