[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#925130: [pkg-apparmor] Bug#925130: release-notes: [buster] AppArmor section is misleading as most profiles are not enforced

Control: tag -1 + moreinfo

Hi Mathieu,

thanks for caring.

Disclaimer: I didn't read the release notes bits Jonas wrote yet.

Mathieu Parent:
> But most profiles are in complain mode.

"most" of which set of profiles?

FTR, in a sid GNOME desktop VM with a few extra packages on top, that
ship AppArmor profiles (LXC, haveged, libvirt, snapd, tor,
Thunderbird, torbrowser-launcher), I see:

 - 31 profiles in enforce mode
 -  9 profiles in complain mode

It seems to me that most packages that ship AppArmor policy
set it to enforce mode. There are a few exceptions, e.g.:

 - apparmor-profiles: the label on the box explains why and should
   hopefully discourage the vast majority of users to install it)
 - Thunderbird
 - some of the LibreOffice profiles

Thanks again!

Cheers,
-- 
intrigeri
Reply to: