On 28/11/2018 23.04, Christian Boltz wrote:
Hello,
Am Mittwoch, 28. November 2018, 14:27:06 CET schrieb Ralph:
...
I guess I am going to have to change my method of naming backup copies of edited system files :-/
For AppArmor profiles, the best strategy is to move them out of /etc/apparmor.d/ (actually I'd recommend that for all /etc/whatever.d/ directories)
Since Carlos asked - suffixes that get ignored by the AppArmor tools (aa-logprof etc.) are:
aa.py: skippable_suffix = ( '.dpkg-new', '.dpkg-old', '.dpkg-dist', '.dpkg-bak', '.dpkg-remove', '.pacsave', '.pacnew', '.rpmnew', '.rpmsave', '.orig', '.rej', '~' )
Ah, jstar uses '~' so I'm safe :-) May I suggest you add ".bak"? I think some editors use it, but I don't know which.
libapparmor (and apparmor_parser, if you give a directory as parameter) also ignores these suffixes.
However, you accidently found a bug ;-) - the script that loads the profiles doesn't ignore *.orig and *.rej files. I just submitted https://gitlab.com/apparmor/apparmor/merge_requests/282 so that the next maintenance release will fix this.
Ah
(As a sidenote - if you'd have used a not-ignored extension for your backup file, aa-logprof would have complained about having two profiles for the same program.)
Well, that's good, it detect duplicates. I think I have experienced this some time in the past. -- Cheers / Saludos, Carlos E. R. (from 42.3 x86_64 "Malachite" at Telcontar)