mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-04 00:14:44 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
Page: IRC_meeting_2024 06 11
Pages
2.12.4_Signatures 2.13.10_Signatures 2.13.11_Signatures 2.13.3_signature 2.13.4_signature 2.13.7_Signatures 2.13.8_Signatures 2.13.9_Signatures 3.0.10_Signatures 3.0.11_Signatures 3.0.12_Signatures 3.0.13_Signatures 3.0.8_Signatures 3.0.9_Signatures 3.1.1_Signatures 3.1.2_Signatures 3.1.3_Signatures 3.1.4_Signatures 3.1.5_Signatures 3.1.6_Signatures 3.1.7_Signatures 4.0.0 alpha2_Signatures 4.0.0 alpha3_Signatures 4.0.0 beta4_Signatures 4.0.1_Signatures 4.0.2_Signatures 4.0.3_Signatures 4.1.0 beta1_Signatures 4.1.0 beta4_Signatures About AbstractionsGuide AlternativeMethodsforSystemWideRestrictions AppArmor and Kubernetes AppArmor2FeatureABI AppArmorAPIs AppArmorAuditing AppArmorClassNumbers AppArmorDBus AppArmorDelegation AppArmorDynamicIncludes AppArmorFeatureABI AppArmorFeatureABIinteractions AppArmorGSettings AppArmorInSystemd AppArmorInterfaces AppArmorJournald AppArmorLabelsandTypes AppArmorLinuxNamespaces AppArmorLog AppArmorMLS AppArmorMonitoring AppArmorNamespaces AppArmorObjectDelegation AppArmorPolicy AppArmorPolicyScope AppArmorPolicyTOC AppArmorPolicyView AppArmorPortals AppArmorProfileSpec AppArmorProgramaticApplicationPolicy AppArmorRBAC AppArmorSandboxing AppArmorSnappyDesktop AppArmorStacking AppArmorSystemWideRestrictions AppArmorTrustedHelpers AppArmorUpdateGuidelines AppArmorUserDefinedPolicy AppArmorWine AppArmorXace AppArmor_Core_Policy_Reference AppArmor_Failures AppArmor_History AppArmor_Model AppArmor_Presentations AppArmor_versions AppArmor_versions_2.1 AppArmor_versions_2.10 AppArmor_versions_2.11 AppArmor_versions_2.12 AppArmor_versions_2.13 AppArmor_versions_2.3 AppArmor_versions_2.4 AppArmor_versions_2.5 AppArmor_versions_2.6 AppArmor_versions_2.7 AppArmor_versions_2.8 AppArmor_versions_2.9 AppArmor_versions_3.0 AppArmor_versions_3.1 AppArmor_versions_4.0 AppArmor_versions_4.1 AppArmorpolicyfeaturesDev AppArmorpolicyversioning Apparmor_parser Apparmorbinarypolicy Apparmorearlypolicy Apparmorinitrd Apparmorpolicycache Apparmorpolicymanagement Apparmorpolicymanagement2x Binary_Profile_Language Binary_profile_format BugTracking Coding Style CollaborativeProfileDevSpec CombiningStackingAndNamespaces CommitPolicy CompilerImprovements Complain Mode Confining_all_tasks Controlling_Profile_State CreatingPolicy DeprecateProfilePathName DevelopmentRoadmap Distro_CentOS Distro_debian Distro_suse Distro_ubuntu Documentation EnvironmentVariables ExampleProfiles Extended_profiling_example FAQ Firejail FullSystemPolicy GettingStarted Gittutorial IRC_meeting_2010 IRC_meeting_2011 IRC_meeting_2012 09 25 IRC_meeting_2012 11 06 IRC_meeting_2012 12 04 IRC_meeting_2012 IRC_meeting_2013 01 08 IRC_meeting_2013 02 05 IRC_meeting_2013 03 01 IRC_meeting_2013 05 14 IRC_meeting_2013 06 11 IRC_meeting_2013 07 09 IRC_meeting_2013 08 13 IRC_meeting_2013 10 08 IRC_meeting_2013 11 13 IRC_meeting_2013 IRC_meeting_2014 02 24 IRC_meeting_2014 06 10 IRC_meeting_2014 07 08 IRC_meeting_2014 09 09 IRC_meeting_2014 10 14 IRC_meeting_2014 11 05 IRC_meeting_2014 12 09 IRC_meeting_2014 IRC_meeting_2015 02 10 IRC_meeting_2015 03 10 IRC_meeting_2015 04 14 IRC_meeting_2015 05 12 IRC_meeting_2015 06 09 IRC_meeting_2015 07 14 IRC_meeting_2015 11 17 IRC_meeting_2015 IRC_meeting_2016 01 19 IRC_meeting_2016 09 13 IRC_meeting_2016 IRC_meeting_2017 10 10 IRC_meeting_2017 11 25 IRC_meeting_2017 12 13 IRC_meeting_2017 IRC_meeting_2018 01 16 IRC_meeting_2018 02 15 IRC_meeting_2018 12 11 IRC_meeting_2018 IRC_meeting_2019 04 09 IRC_meeting_2019 06 13 IRC_meeting_2019 10 08 IRC_meeting_2019 IRC_meeting_2020 01 14 IRC_meeting_2020 02 11 IRC_meeting_2020 02 12 IRC_meeting_2020 03 10 IRC_meeting_2020 04 10 IRC_meeting_2020 04 28 IRC_meeting_2020 06 09 IRC_meeting_2020 09 08 IRC_meeting_2020 10 13 IRC_meeting_2020 IRC_meeting_2021 07 13 IRC_meeting_2021 11 09 IRC_meeting_2021 12 14 IRC_meeting_2022 02 08 IRC_meeting_2022 08 09 IRC_meeting_2022 10 11 IRC_meeting_2022 11 08 IRC_meeting_2022 12 13 IRC_meeting_2022 4 12 IRC_meeting_2022 7 12 IRC_meeting_2023 02 14 IRC_meeting_2023 06 13 IRC_meeting_2023 08 08 IRC_meeting_2023 09 12 IRC_meeting_2023 10 10 IRC_meeting_2024 01 09 IRC_meeting_2024 04 09 IRC_meeting_2024 06 11 IRC_meeting_2024 08 13 IRC_meeting_2024 09 10 IRC_meeting_2024 10 08 IRC_meeting_2024 11 12 IRC_meeting_2025 01 14 IRC_meeting_2025 02 18 Integrating Test plan Kernel_Feature_Matrix Kernel_interfaces Launchpadtutorial Libvirt ManPages MeetingAgenda Mod_apparmor Mod_apparmor_example Multi Category Security (MCS) Pam_apparmor Pam_apparmor_example PerformanceImprovements Policy_Layout ProfileLanguage Profile_repo Profile_variants Profiles Profiling_by_hand Profiling_with_tools QuickProfileLanguage RBAC_2_0 RBAC_2_1 RBAC_2_3 RBAC_2_5 README Raising_Task_Capabilities ReleaseProcess Release_Notes_2.10.1 Release_Notes_2.10.2 Release_Notes_2.10.3 Release_Notes_2.10.4 Release_Notes_2.10.5 Release_Notes_2.10.6 Release_Notes_2.10 Release_Notes_2.11.1 Release_Notes_2.11.2 Release_Notes_2.11.3 Release_Notes_2.11.4 Release_Notes_2.11 Release_Notes_2.12.0 Release_Notes_2.12.1 Release_Notes_2.12.2 Release_Notes_2.12.3 Release_Notes_2.12.4 Release_Notes_2.12 Release_Notes_2.13.1 Release_Notes_2.13.10 Release_Notes_2.13.11 Release_Notes_2.13.2 Release_Notes_2.13.3 Release_Notes_2.13.4 Release_Notes_2.13.5 Release_Notes_2.13.6 Release_Notes_2.13.7 Release_Notes_2.13.8 Release_Notes_2.13.9 Release_Notes_2.13 Release_Notes_2.14 Release_Notes_2.4 Release_Notes_2.5.1 Release_Notes_2.5.2 Release_Notes_2.5 Release_Notes_2.6.0 Release_Notes_2.6.1 Release_Notes_2.7.1 Release_Notes_2.7.2 Release_Notes_2.7 Release_Notes_2.8.1 Release_Notes_2.8.2 Release_Notes_2.8.3 Release_Notes_2.8.4 Release_Notes_2.8.5 Release_Notes_2.8 Release_Notes_2.9.0 Release_Notes_2.9.1 Release_Notes_2.9.2 Release_Notes_2.9.3 Release_Notes_2.9.4 Release_Notes_2.9.5 Release_Notes_3.0.1 Release_Notes_3.0.10 Release_Notes_3.0.11 Release_Notes_3.0.12 Release_Notes_3.0.13 Release_Notes_3.0.2 Release_Notes_3.0.3 Release_Notes_3.0.4 Release_Notes_3.0.5 Release_Notes_3.0.6 Release_Notes_3.0.7 Release_Notes_3.0.8 Release_Notes_3.0.9 Release_Notes_3.0 Release_Notes_3.1.1 Release_Notes_3.1.2 Release_Notes_3.1.3 Release_Notes_3.1.4 Release_Notes_3.1.5 Release_Notes_3.1.6 Release_Notes_3.1.7 Release_Notes_3.1 Release_Notes_4.0 alpha1 Release_Notes_4.0 alpha2 Release_Notes_4.0 alpha3 Release_Notes_4.0 alpha4 Release_Notes_4.0 beta1 Release_Notes_4.0 beta2 Release_Notes_4.0 beta3 Release_Notes_4.0 beta4 Release_Notes_4.0.1 Release_Notes_4.0.2 Release_Notes_4.0.3 Release_Notes_4.0.4 Release_Notes_4.1 beta1 Release_Notes_4.1 beta2 Release_Notes_4.1 beta3 Release_Notes_4.1 beta4 Release_Notes_4.1 beta5 Release_Notes_4.1 beta6 Release_Notes_4.1.0 beta1 Release_Notes_5.0 Revising_and_fine_tuning_policy_and_abstractions Sandstorm StackingConfiningUsers TechnicalDoc TechnicalDoc_DBusRuleEncoding TechnicalDoc_DFA TechnicalDoc_FileRuleEncoding TechnicalDoc_HFA TechnicalDoc_HFA_Layout TechnicalDoc_HFA_permissions TechnicalDoc_Kernel TechnicalDoc_MountRuleEncoding TechnicalDoc_Mount_Flags TechnicalDoc_NetworkRuleEncoding TechnicalDoc_PolicyDB TechnicalDoc_Policy_Layout TechnicalDoc_Proc_and_ptrace TechnicalDoc_RulePathEncoding TechnicalDoc_XWindowsRuleEncoding Translations Unconfined, the unconfined flag and default allow Userconditional Users in AppArmor Userspace_Feature_Matrix Versioning WorkItems _sidebar aparmor_policy_development_guide apparmor 5 config layout spec apparmor_compiler_development_guide apparmor_kernel_development_guide apparmor_kernel_development_guide_notifications apparmor_library_development_guide apparmor_profile_tools_guide apparmordynamicpolicy apparmorpolicyfeaturesABI apparmorversioning bubblewrap clearcontainers containers docker flatpak gVisor home how to setup a policy namespace for containers io_uring rules kata containers kubernetes manpage_aa audit.8 manpage_aa autodep.8 manpage_aa cleanprof.8 manpage_aa complain.8 manpage_aa decode.8 manpage_aa disable.8 manpage_aa easyprof.8 manpage_aa enabled.1 manpage_aa enforce.8 manpage_aa exec.1 manpage_aa features abi.1 manpage_aa genprof.8 manpage_aa logprof.8 manpage_aa mergeprof.8 manpage_aa notify.8 manpage_aa remove unknown.8 manpage_aa status.8 manpage_aa teardown.8 manpage_aa unconfined.8 manpage_aa_change_hat.2 manpage_aa_change_profile.2 manpage_aa_features.3 manpage_aa_find_mountpoint.2 manpage_aa_getcon.2 manpage_aa_kernel_interface.3 manpage_aa_policy_cache.3 manpage_aa_query_label.2 manpage_aa_splitcon.3 manpage_aa_stack_profile.2 manpage_apparmor.7 manpage_apparmor.d.5 manpage_apparmor_parser.8 manpage_apparmor_parser manpage_apparmor_xattrs.7 manpage_logprof.conf.5 manpage_mod_apparmor.8 mqueue rules nabla containers no_new_privs profileflags prompt v3 interface rule operations rule prefixes and modes runV runc sanitized_helper security@apparmor template reply unprivileged_unconfined_restriction unprivileged_userns_restriction wip conditional policy
1 IRC_meeting_2024 06 11
John Johansen edited this page 2024-06-11 19:06:42 +00:00 
(11:01:13 AM) jjohansen: cboltz, georgiag, mbelair, sbeattie, sarnold, anyone else who is interested, meeting time
(11:01:22 AM) ***georgiag is here
(11:01:44 AM) ***cboltz is 50% here
(11:02:05 AM) ***iskunk is here
(11:05:21 AM) jjohansen: so we don't really have anything on the agenda, maybe policy layout but I don't think I am ready to discuss that
(11:05:39 AM) jjohansen: so I will give a quick update
(11:06:20 AM) jjohansen: 4.x has so far proven to be quite buggy, we are working on a 4.0.2 release before we make the broader 4.0 release announcement
(11:06:37 AM) jjohansen: I think we are close now
(11:06:57 AM) jjohansen: cboltz: how do feel the tool side is?
(11:08:06 AM) cboltz: when the pending MRs are merged, and the bug I opened for unix rules is fixed, the tools should be fine
(11:08:37 AM) jjohansen: ack, I think the parser is largely the same
(11:08:59 AM) jjohansen: so hopefully, we can cut a new release this weekend
(11:09:19 AM) jjohansen: kernel side: there is a lot in flight
(11:10:16 AM) cboltz: having 4.0.2 soon would be nice, the patch count in the openSUSE package is a bit ;-) larger than I'd like
(11:10:28 AM) jjohansen: the goal is to merge more cleanups upstream for 4.11, it would be nice if we can get to the dfa merge but I doubt that will happen as I don't have it ready yet
(11:10:43 AM) jjohansen: the only feature I would like to see land is af_uinx mediation
(11:11:11 AM) jjohansen: however it will break abi, so current user space parsers will not support it
(11:11:48 AM) jjohansen: support in userspace might be backported to 4.0.x
(11:12:04 AM) jjohansen: so it doesn't have to wait for the fall release
(11:13:34 AM) cboltz: will that then need <abi/4.0.3> or so? ;-)
(11:13:38 AM) jjohansen: the fall release is currently scheduled as 4.1 however, if we manage to land rule priorities, boolean operations, and a couple other things that are wip the policy we be different enough to justify going with 5.0
(11:14:17 AM) jjohansen: cboltz: yes, use of the new upstream af_unix will require a new abi file
(11:14:41 AM) jjohansen: its a good point. Policy won't just start using it
(11:15:04 AM) jjohansen: backporting it would only make it available
(11:15:24 AM) cboltz: that sounds like a good argument to switch the version number to 4.1 - and make 4.0.x a _really_ short-lived release
(11:15:45 AM) jjohansen: though there might be potential to have a config to promot the af_unix in the old abi to allow use of new
(11:16:12 AM) jjohansen: cboltz: actually that isn't a half bad idea
(11:22:21 AM) iskunk left the room.
(11:22:34 AM) iskunk [~oftc-webi@sas08022.nat.sas.com] entered the room.
(11:22:45 AM) jjohansen: okay, that is all I have
(11:23:09 AM) jjohansen: so time to open it up, does anyone else have something they would like to discuss?
(11:23:20 AM) iskunk: I have a few questions
(11:23:34 AM) jjohansen: iskunk: ok, go
(11:23:50 AM) iskunk: dbus labels: before I could do name=org.freedesktop.UPower, now there's only label=unconfined ... how does that get straightened out? it's not just writing up profiles for them, is it?
(11:25:21 AM) iskunk: (btw, the webchat frontend dropped me for a few minutes, in case I disappear)
(11:26:06 AM) jjohansen: iskunk: can you clarify about now there is only label=unconfined?
(11:26:06 AM) jjohansen: has name= been dropped from the profile
(11:26:06 AM) jjohansen: is it not being reported
(11:26:06 AM) jjohansen: is the parser dying on it
(11:26:06 AM) jjohansen: is logprof/genprof dying on it
(11:26:17 AM) jjohansen: also are you using dbus or dbus-broker
(11:26:52 AM) jjohansen: iskunk: yeah noticed the drop, no worries, nothing happen while you were out either
(11:27:32 AM) iskunk: (great!) this is related to the firefox profile MR... I had a profile break due to the name= no longer being set, just the label. (I am using the same profile on debian+ubuntu, so there may be a difference in the distro setup)
(11:28:30 AM) iskunk: I'm just wondering what is needed so that all dbus endpoints have a proper name, since it seems haphazard whether it's set or not from aa's pov
(11:30:05 AM) iskunk2 [~iskunk@sas08022.nat.sas.com] entered the room.
(11:30:20 AM) iskunk: arrrgh
(11:30:51 AM) jjohansen: ah! got it
(11:31:00 AM) iskunk2: (trying hexchat now)
(11:31:22 AM) jjohansen: unfortunately it is some what hap hazard
(11:31:57 AM) iskunk2: there's no way to set it reliably with some config?
(11:32:26 AM) iskunk2: (then again, I would think it would get the name the same way it gets the dbus path/interface/etc.)
(11:33:41 AM) jjohansen: so name= is depend on how the application registers with the dbus. It is up to the application/service to be consistent
(11:34:31 AM) iskunk2: hmmm... that's odd, I wouldn't expect to see a regression like this, then. so if I see a dbus service that doesn't have a proper name, I can file that as a bug against the service?
(11:34:59 AM) jjohansen: there are so technicalities around dbus and name= that I am not remembering, so I could be getting something wrong, I will need to dig a little
(11:35:24 AM) jjohansen: but yeah it might be a bug in dbus, or in the service
(11:35:47 AM) iskunk2: okay. I just want to know what is needed to get this resolved, as it's been an ongoing annoyance. will get back to you on the MR for addressing that specific profile.
(11:35:56 AM) jjohansen: or it is possible that there is a patch in recent dbus that changed something. I am going to have to do some digging, to figure out which it is
(11:36:13 AM) iskunk2: wouldn't expect that to cause a regression, either... at least, I'd hope not
(11:36:27 AM) iskunk2: new Q: is the aa 4.0 bugginess the reason it's not yet in debian?
(11:36:49 AM) jjohansen: for the label= portion, we just want to abstract that to a variable, based on what the expect target is like UPower
(11:37:13 AM) cboltz: you'll have to ask the Debian apparmor maintainer ;-)
(11:37:14 AM) jjohansen: atm that variable might just specify
(11:37:14 AM) jjohansen: @{UPower}=unconfined
iskunk iskunk2 
(11:37:41 AM) iskunk2: but is there a way to write the profile so that either label=unconfined or name=Foo.bar... is accepted?
(11:37:55 AM) jjohansen: iskunk2: partially, while we have cut releases, we haven't done an official announcement either
iskunk iskunk2 
iskunk iskunk2 
(11:38:20 AM) jjohansen: iskunk2 yes
(11:38:25 AM) iskunk2: I was surprised to do a sid testing install and still see all the old 3.x stuff
(11:38:49 AM) jjohansen: @{UPower}=unconfined Foo.bar
(11:38:52 AM) iskunk2: can I do e.g. ({label=unconfined,name=Foo.bar})
(11:39:08 AM) jjohansen: will allow unconfined of Foo.bar
iskunk iskunk2 
(11:39:35 AM) iskunk2: but one is "label", the other is "name" ...
(11:40:22 AM) jjohansen: oh I sorry, I missed that.  No that isn't possible in one rule, you can get that with 2 rules
(11:40:58 AM) iskunk2: ah, nuts. would it be OK for now to just do without that last line, no label nor name?
(11:41:05 AM) jjohansen: one will have
(11:41:05 AM) jjohansen:   name=Foo.bar
(11:41:05 AM) jjohansen: the other will have
(11:41:05 AM) jjohansen:    label=unconfined
(11:41:05 AM) jjohansen: the rest is the same
(11:41:35 AM) iskunk2: would make for a lot of extra verbiage in the profiles if you want to cover your bases
(11:41:37 AM) jjohansen: yes its not the cleanest solution but it will work
iskunk iskunk2 
(11:42:25 AM) iskunk2: okay, please let me know (in the MR) what the root cause is, if bug reports need to be filed against other projects I'll be happy to go after them.
(11:42:29 AM) jjohansen: iskunk2 specifying neither will work it, will then allow any value for those two conditionals that have been left off
iskunk iskunk2 
(11:42:45 AM) jjohansen: iskunk2: ack
(11:43:16 AM) iskunk2: that's what I'm thinking as a stopgap measure. the rule is already matching the other dbus keywords, so it shouldn't be too bad, I hope
(11:43:41 AM) jjohansen: right
(11:44:16 AM) iskunk2: new Q: re 4.0 bugginess, I've run into some cases where an application is affected by restrictions (I can see the syscalls failing in strace), yet there is no aa denial message in syslog. is that considered a filable bug?
(11:44:42 AM) jjohansen: yes
(11:45:01 AM) iskunk2: okay, i've got a bit of material there
(11:45:27 AM) iskunk2: new Q: feasible to get in some profile backports to 4.0 before the next release?
(11:46:39 AM) jjohansen: basically, if you have an issue file it, we will work it and try to figure out why. Once its figured out it will get fixed or if it isn't actually apparmor then at least we know that and it can be closed that way to
iskunk iskunk2 
(11:47:04 AM) iskunk2: mainly wondering if that was a known issue already
(11:47:27 AM) jjohansen: iskunk2: possible yes. a release this weekend would be nice, but it will also depend on bugs, and work todo
(11:48:06 AM) iskunk2: okay. I'll try to get the firefox MR sorted out asap, and then include it in a backport MR.
(11:48:15 AM) jjohansen: its less work to not have to do a 4.0.3 release a week or two after the 4.0.2 release so delay a little is an option
(11:48:49 AM) iskunk2: might end up needing the time... hope I'm not adding too much to your workload :-)
(11:48:50 AM) ***cboltz wonders if "no delay" was ever an option for releases
(11:49:21 AM) iskunk2: last Q: is there a known deadline for getting in a 24.04 SRU?
iskunk iskunk2 
(11:50:46 AM) georgiag: iskunk2: there's already one sru on the way: https://launchpad.net/ubuntu/noble/+queue?queue_state=1&queue_text=apparmor unfortunately we still need the SRU team to approve it so it will land in the -proposed pocket, then spend 7 days there and then it will be available in the -updates pocket
(11:50:47 AM) jjohansen: iskunk2: a specific SRU yes, in an SRU no. currently 4.0.1 is working its way through SRU so it is to late for that. We are planning on SRUing 4.0.2, so that is another opportunity
(11:51:05 AM) jjohansen: and I know we plan to do an SRU after 4.0.2
(11:51:59 AM) iskunk2: okay, understood. I'm assuming the backport is needed as a first step? and then the request to get those specific profiles updated in the SRU
(11:52:34 AM) jjohansen: cboltz: yes, "no delay" is an option. There has to be a good reason for it, because in my experience releasing a broken release instead of delaying is more work. And since we are already so resource constrained that really sucks
iskunk iskunk2 
(11:52:47 AM) jjohansen: iskunk2 yes
(11:53:22 AM) cboltz: agreed, broken releases don't help anyone
(11:53:27 AM) iskunk2: okay, sounds good. georgiag: thanks for the link, I see that went out a number of days ago, so no near miss there :)
(11:53:44 AM) jjohansen: or at least greatly preferred, Ubuntu side like suse side we are trying to keep the patchset carried beyound the upstream release minimal
(11:53:56 AM) georgiag: on the backport topic, I'd like us to try to always have a bug attached to the commit message, or to the merge request. that makes it a lot easier to file SRUs on ubuntu's side
(11:54:26 AM) iskunk2: all right, that's all on my end. will keep chugging away at those profiles, as usual. thanks for your help, everyone!
(11:54:51 AM) jjohansen: not just the Ubuntu side, it is pretty much a requirement on the debian side
(11:55:00 AM) cboltz: jjohansen: keeping the patch count minimal didn't really work for 4.0.1 - it came with some, well, surprises ;-)
iskunk iskunk2 
(11:55:06 AM) jjohansen: thanks for the work iskunk2
(11:55:35 AM) jjohansen: cboltz: indeed, but that is why you would like a 4.0.2 soon
(11:55:37 AM) jjohansen: us too
(11:55:38 AM) iskunk2: georgiag: understood. will try to do cherry-picks, but if it's just a new commit, I'll make sure to refer to bug reports
iskunk iskunk2 
(11:56:17 AM) jjohansen: iskunk2 yes just a buglink works. we don't care if its apparmor, debian, suse, ubuntu, ...
(11:56:50 AM) iskunk2: sounds good, there should be receipts for all the changes
(11:59:59 AM) jjohansen: does anyone have anything else they would like to discuss
(12:00:10 PM) georgiag: nothing else from me :)
(12:00:13 PM) cboltz: nothing from me
(12:00:25 PM) iskunk2: all good here
(12:01:30 PM) jjohansen: okay, I would like to skip the July meeting as atm I will likely be unavailable
(12:02:07 PM) jjohansen: so next meeting would then be August 13 @18:00
(12:02:23 PM) jjohansen: meeting adjourned
(12:02:23 PM) jjohansen: thanks everyone
(12:03:13 PM) cboltz: thanks