On 08/05/2017 01:31 AM, intrigeri wrote: > What's the cost for package maintainers? > ---------------------------------------- > > For most of them: none at all. As said earlier, our AppArmor policy > does not cover that much software yet. So how will bug reports work? For instance I turned it on and now I see a bunch of warnings[1] from Thunderbird and a bunch of actual failures when opening links (which is completely broken), because Thunderbird cannot exec google-chrome-beta. What about integration issues where a browser should be able to register itself as a browser and hence be available from applications that try to open links? Right now thunderbird's profile is owned by thunderbird. Is thunderbird's maintainer expected to deal with all of these issues? Should there be some kind of tool where the apparmor team could aggregate the updates? (I.e. routinely review denies?) Kind regards Philipp Kern [1] e.g. [ 3459.624852] audit: type=1400 audit(1509283082.571:59): apparmor="DENIED" operation="file_inherit" profile="thunderbird//gpg" name="/usr/share/thunderbird/omni.ja" pid=24720 comm="gpg2" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 [2] e.g. [ 3795.153239] audit: type=1400 audit(1509283418.100:64): apparmor="DENIED" operation="exec" profile="thunderbird" name="/opt/google/chrome-beta/google-chrome-beta" pid=31896 comm="thunderbird" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0
Attachment:
signature.asc
Description: OpenPGP digital signature