On 02/10/2014 08:56 AM, Chris Wayne wrote:
> Jamie,
> Thanks for reviving this, it definitely needs more action.
> I don't think the plan should be to move it into a different deb package shipped
> in the rootfs. I thought the plan was to ship everything device-specific in the
> device tarball? (That is, after all, the whole purpose of this thread :) )

I don't have a strong opinion on this (though it sounds like others might), but
for apparmor, I just need a decision on the directory and then I can move the
existing hardware-specific policy to it. Do note, this directory must exist and
will need to be created by apparmor-easyprof-ubuntu, which means that this
directory will exist on all systems with apparmor-easyprof-ubuntu installed (i.e.,
desktop systems with the sdk installed now and all desktop systems once we move
to unity8).
Would it be acceptable to make (some part of) /usr/share/apparmor/hardware/*
read/write via /etc/system-image/writable-paths so the device tarball can unpack
there or is there some hard requirement that it must live in /custom? (I'm not
super keen on /custom on desktop systems, but maybe that is exactly what we
want -- OEMs for desktop systems could ship policy there too).