- replace example calls of /etc/init.d/apparmor with apparmor.service
- drop /etc/init.d/apparmor in filelist
- replace /var/lib/apparmor/ with /var/cache/apparmor/
Add additional info about complain mode, its behavior, how to enable
it and add warnings about its use.
In addition, add info on how to set kernel parameters on boot for
the various options that are covered.
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/722
Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Christian Boltz <apparmor@cboltz.de>
At least that's how this patch started ;-)
The updated (and much bigger) patch
- removes the note about can not mknod
- also removes mount and umount from the can not list which are covered
by mount rules now
- updates the example audit.log lines to the current log format
- updates the description of the log format
Acked-By: Seth Arnold <seth.arnold@canonical.com> (on IRC)
Seth also promised a follow-up patch with the remaining changes.
Move the apparmor.d(5), apparmor(7), apparmor_parser(8),
subdomain.conf(5) and apparmor.vim(5) (for lack of a better location)
into the apparmor-parser package.