Remove <apparmor/> from default system.conf, session.conf

The AppArmor and SELinux modes both default to "enabled" (i.e.
enable it if and only if it is supported), so there is no need to
add their element to system.conf unless a system integrator wants
to set them to either required or disabled.

However, if we add <apparmor/> on upgrade from 1.9.10 to 1.9.12,
any subsequent attempts to reload bus configuration before the
next reboot will fail, because the dbus-daemon that is already
running does not support that element.

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=89231
Reviewed-by: Tyler Hicks <tyhicks@canonical.com>

diff --git a/bus/session.conf.in b/bus/session.conf.in
index d2e3f2d05d1aad6cb55f229fa7a8effeeef1fd03..cfe9544fbe5913127df116d260870bfaf629a3d9 100644 (file)
--- a/bus/session.conf.in
+++ b/bus/session.conf.in
@@ -25,9 +25,6 @@
     <allow own="*"/>
   </policy>
 
-  <!-- Enable AppArmor mediation when it is available -->
-  <apparmor mode="enabled"/>
-
   <!-- Config files are placed here that among other things, 
        further restrict the above policy for specific services. -->
   <includedir>session.d</includedir>

diff --git a/bus/system.conf.in b/bus/system.conf.in
index fc472bd76b82bc802479ba82ca8fb56ac61c7e5e..ac78c734f53837ddec8ea336e597b795d0e03e1f 100644 (file)
--- a/bus/system.conf.in
+++ b/bus/system.conf.in
@@ -97,9 +97,6 @@
            send_interface="org.freedesktop.DBus.Debug.Stats"/>
   </policy>
 
-  <!-- Enable AppArmor mediation when it is available -->
-  <apparmor mode="enabled"/>
-
   <!-- Config files are placed here that among other things, punch 
        holes in the above policy for specific services. -->
   <includedir>system.d</includedir>