https://bugzilla.novell.com/show_bug.cgi?id=689458 https://bugzilla.novell.com/show_bug.cgi?id=689458#c6 --- Comment #6 from Christian Boltz <suse-beta@cboltz.de> 2011-10-05 22:54:34 CEST --- quote from the duplicate (bug 722292)
a) move profiles into the actual packages where the binaries are
That would cause a maintenance hell :-( I spent several evenings to push lots of openSUSE profile patches upstream. The profiles in the apparmor-profiles package are directly taken from upstream (one or two are still patched). I also unified the profile for /usr/sbin/nscd which was shipped in the nscd/unscd packages before - I merged the differences and moved it back to the apparmor-profiles package. The nscd profile(s) already showed the (IMHO usual) problem with having a profile in the same package as the binary: it gets outdated and doesn't get updates from upstream (for example /var/run vs. /run was solved upstream, but not in the *nscd package). Moving each profile to the package with the binary would mean that each of those packages would need to include updated profiles from upstream on new apparmor releases - and I'm afraid most would forget to do it and ship outdated profiles. If you have an idea how to include the latest profiles in each binary package _automatically_, please tell me ;-)
or create subpackages that supplement them.
This would result in about 20 subpackages for /etc/apparmor.d/*, most of them with only one file. I'd guess those packages would need more space in the rpm database than in /etc/ ;-)
b) speed up apparmor_parser
That's an ongoing task upstream, and there were big improvements since the 2.3 release. But yes, there's still lots of room for optimization ;-) John just told me in #apparmor that several patches are in the works (including a rewrite of the code where most dynamic casts are), but they won't make it into apparmor 2.7. He'll probably add a comment with more details soon. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.