[Bug 643387] Not operating profiles from templates

--- Comment #19 from Christian Boltz <suse-beta@xxxxxxxxx> 2011-08-03 01:47:17 CEST ---
I'm afraid the profiles aren't in a state that I want to have in openSUSE 12.1.

I'd propose to do the following:
a) check what is the real difference in the profiles (in other words: filter
everything that is "just" whitespace change, sort order etc.). That means a
"diff -u" against the original profile and then some manual work in $EDITOR.
b) send the patches upstream (apparmor@xxxxxxxxxxxxxxxx)
c) update the openSUSE packages from upstream (with new upstream release or
the officially accepted patch)

I just went through a) and will attach the real differences in a patch-like
format (same syntax, but shortened) in a minute.

I'm quite sure step b) will be challenging for the firefox profile because one
of the changes is
+ @{HOME}/** rw,
While I agree that the original profile was too strict and didn't allow storing
downloads anywhere, opening up the whole home directory for write access
is not a good idea and makes the profile quite useless.

I'm also quite surprised that opera for example needs
+ /etc/apparmor.d/** rk,

Alexander, please check your modified profiles again (my diffs probably help)
and check which changes are really needed and useful.
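
Step a) above can be partly automated. The following is an added example, not part of the original comment or of the AppArmor tools: it compares two profiles as sets of normalized rules, so whitespace and sort-order changes drop out, and marks added rules of the kind the comment questions. The sample profiles are constructed, the function names are hypothetical, and nested sub-profiles are flattened into one rule set.

```python
import re
# Constructed sample profiles (not the ones attached to the bug report).
ORIGINAL = """/usr/lib/firefox/firefox {
  #include <abstractions/base>
  /etc/mime.types r,
  @{HOME}/.mozilla/** rw,
}
"""
MODIFIED = """/usr/lib/firefox/firefox {
    #include <abstractions/base>
    @{HOME}/.mozilla/**   rw,
    /etc/mime.types r,
    @{HOME}/** rw,
    /etc/apparmor.d/** rk,
}
"""
# Paths that cover a whole tree: @{HOME}/**, /home/*/** or /**
BROAD_PATH = re.compile(r"^(@\{HOME\}|/home/\*|/)/?\*\*$")

def rules(profile_text):
    """Normalized rule set: indentation, spacing and order no longer matter."""
    found = set()
    for line in profile_text.splitlines():
        line = line.strip()
        if not line or line == "}" or line.endswith("{"):
            continue  # blank line or profile braces
        if line.startswith("#") and not line.startswith("#include"):
            continue  # comment
        found.add(" ".join(line.rstrip(",").split()))
    return found

def real_diff(old, new):
    """Return (added, removed) rules, ignoring whitespace and sort order."""
    return sorted(rules(new) - rules(old)), sorted(rules(old) - rules(new))

def needs_review(rule):
    """Reason an added rule deserves a second look, or None."""
    parts = [p for p in rule.split() if p not in ("owner", "audit")]
    if len(parts) != 2 or parts[0].startswith("#"):
        return None  # include, deny rule or non-file rule: not judged here
    path, perms = parts
    if BROAD_PATH.match(path) and "w" in perms:
        return "write access to a whole tree"
    if path.startswith("/etc/apparmor.d/"):
        return "access to the AppArmor policy directory"
    return None

if __name__ == "__main__":
    for rule in real_diff(ORIGINAL, MODIFIED)[0]:
        print("+", rule, "#", needs_review(rule) or "ok")
```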

