Overview
Request 449669 superseded
- delete /etc/apparmor.d/cache symlink. apparmor_parser will re-create
  it as real directory. This is needed to avoid problems on boot if
  /var/ is mounted too late (boo#1015249, boo#980081, bsc#1016259)
  (Note: I'm not packaging /etc/apparmor.d/cache/ as directory to avoid
  RPM update problems with the symlink -> directory change.)
- update to AppArmor 2.10.2 maintenance release
  - lots of bugfixes and profile updates (including boo#1000201,
    boo#1009964, boo#1014463)
  - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_10_2 for details
- add aa-unconfined-fix-netstat-call-2.10r3380.diff to fix a regression
  in aa-unconfined
- drop upstream(ed) patches:
  - changes-since-2.10.1--r3326..3346.diff
  - changes-since-2.10.1--r3347..3353.diff
  - libapparmor-fix-import-path.diff (upstream fix is slightly different)
  - nscd-var-lib.diff
- refresh apparmor-abstractions-no-multiline.diff
- Created by cboltz
- In state superseded
- Supersedes 449601
- Superseded by 452189
- Open review for opensuse-review-team
- Open review for factory-staging
Request History
cboltz created request
factory-auto added opensuse-review-team as a reviewer
Please review sources
factory-auto added factory-repo-checker as a reviewer
Please review build success
factory-auto accepted review
Check script succeeded
licensedigger accepted review
maxlin_factory set openSUSE:Factory:Staging:F as a staging project
Being evaluated by staging project "openSUSE:Factory:Staging:F"
maxlin_factory accepted review
Picked openSUSE:Factory:Staging:F
factory-repo-checker accepted review
Builds for repo security:apparmor/openSUSE_Factory
maxlin_factory accepted review
Removing from openSUSE:Factory:Staging:F, re-evaluation needed
maxlin_factory added factory-staging as a reviewer
Requesting new staging review
superseded by 452189
Static libraries should always land in /usr/lib, not /lib.
This request includes a maintenance release. Also, I plan to submit the 2.10.2 package to Leap 42.1 and 42.2. Moving files around in a maintenance update wouldn't be the best idea IMHO, and changing only the Tumbleweed package would mean I have to maintain two "branches" of the package.
I know that static libraries should be in /usr, and I'll fix this when updating to AppArmor 2.11 (which I'll submit as soon as this SR is accepted). 2.11 will bring quite some packaging changes, so I first want to have 2.10.2 in to reduce the amount of changes.
TL;DR: Please ignore the location of the static libraries a last time ;-)
??? What? apparmor_parser WRITES to /etc ? That's a terribly bad idea
I can understand why you hate this. I also don't really like it, but it's still better than not having the cache available at boot (which means longer boot times etc.).
Actually the reason why I introduced the symlink some years ago was exactly to avoid writing to /etc, but I didn't think about /var mount races back then.
I had a long discussion about this with the upstream developers a while ago, and the summary is that writing to /etc is not the best idea, but other solutions (like the symlink to var) cause even more trouble. BTW: In Ubuntu, apparmor_parser also writes its cache to /etc.
@kukuk I recall CaaSP does some magic with read-only file systems. I wonder if this will impact you in any way.
Writing cache files in /etc is the worst thing to do. It does not impact CaaSP directly (except that on CaaSP, /var is available before /etc is writeable, so this change would have the opposite effect), but would be a nightmare for snapshots and rollback.
Between: if /var is mounted too late, something with the dependencies is wrong and the root cause should be fixed. On SLE12 the reason is simple: apparmor is still using a LSB init script. If it were a systemd unit, you could tell systemd to mount /var first. Or do that already in the initrd.
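Added illustration, not part of the request or of any comment above: a shell check that classifies the cache path this request is about, separating a real directory from a symlink whose target is missing (the state a symlink into a not-yet-mounted filesystem is in) or lives on another filesystem. The function name `cache_state` and its result labels are made up for this example; it assumes GNU `stat`.

```shell
#!/bin/sh
# Classify a policy-cache path such as /etc/apparmor.d/cache.
# Prints exactly one of:
#   missing           nothing at that path
#   directory         a real directory (the layout this request moves to)
#   symlink-dangling  symlink whose target does not exist right now,
#                     e.g. because the target filesystem is not mounted yet
#   symlink-same-fs   symlink, target on the same filesystem as its parent
#   symlink-other-fs  symlink, target on a different filesystem (mount-order risk)
#   other             exists but is neither a directory nor a symlink
cache_state() {
    path=$1
    if [ -L "$path" ]; then
        # -e follows the link, so it fails for a dangling symlink.
        if [ ! -e "$path" ]; then
            echo symlink-dangling
            return 0
        fi
        # Compare device numbers of the link's parent and of the resolved target.
        parent_dev=$(stat -c %d "$(dirname "$path")")
        target_dev=$(stat -L -c %d "$path")
        if [ "$parent_dev" = "$target_dev" ]; then
            echo symlink-same-fs
        else
            echo symlink-other-fs
        fi
    elif [ -d "$path" ]; then
        echo directory
    elif [ -e "$path" ]; then
        echo other
    else
        echo missing
    fi
}

# Stand-alone use: pass the path to inspect as the first argument.
if [ "$#" -gt 0 ]; then
    cache_state "$1"
fi
```

Run against the cache path before and after the package update, the result shows whether the symlink was actually replaced by a directory.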