[Bug 713647] move apparmor profiles to /lib

John Johansen <jrjohansen@xxxxxxxxxxx> changed:

What |Removed |Added
CC| |jrjohansen@xxxxxxxxxxx

Comment #2 from John Johansen <jrjohansen@xxxxxxxxxxx> 2011-08-23
UTC ---
All the profile files and config files in /etc/apparmor and /etc/apparmor.d/
can/should be able to be hand edited. The binary cache files shouldn't be, and
we are working towards moving those out of /etc/apparmor.d/cache to the
appropriate place. The appropriate place for the "extra" inactive profiles is
an interesting discussion and seems to be rooted in packaging and system config
philosophies, its one that comes up almost yearly and yet has only resulted in
the status quo. If Christian wants to reopen the discussion more power to him.

The profiles in /etc/apparmor.d/ aren't so much activated as they are the
active profile set, the intention being inactive profiles are stored else
where. We are moving in the direction of an aa-enable/aa-disable tooling, with
aa-disable being a first pass. I think the aa-enable tool didn't happen
because its is currently just removing a symlink so low priority.

