[pkg-apparmor] Bug#830502: Bug#830502: apparmor-profiles: Reconsider what profiles are shipped in /etc/apparmor.d/ and in which mode
Seth Arnold
seth.arnold at canonical.com
Fri Aug 11 01:12:13 UTC 2017
On Thu, Aug 10, 2017 at 05:50:41PM -0400, intrigeri wrote:
> Context: this is about the apparmor-profiles package, that has no
> reverse-dependency, so this whole thing is not such a big deal (users
> [...]
> 2. Install *all* the profiles shipped by this package to
> /etc/apparmor.d/, set it in complain mode.
>
> (Once it's been clarified what this package is about, let's smooth
> the "get started with contributing to these profiles" process.)
The quality levels of the profiles in this package -- and their relevance
to modern systems -- is probably too varied at this point to suggest
turning them all on in any capacity by default. If Someone were to go
through them with an eye towards heavily pruning what should be pruned
first, this might be a reasonable idea.
I think I'd rather they all be installed on the side though, and perhaps
suggested by the tools, if they don't already.
It would be nice to have more examples that we're not ashamed of more
widely available :)
Thanks
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-apparmor-team/attachments/20170810/06dc77bc/attachment.sig>
More information about the pkg-apparmor-team
mailing list