Le 03/09/17 à 13:01, intrigeri a écrit :
Hi Laurent!
Hello,
I think that having the denials of a MAC properly logged is important for both people developing their policy and also for intrusion/non conformity detection.Laurent Bigonville:IMVHO, in regard to the recent proposal of enabling apparmor in debian by default, this needs to be addressed first.I'm genuinely curious why this should be a blocker for Debian: this is not obvious to me as a number of distros could enable AppArmor by default and can apparently live with this bug. Can you please make it explicit, e.g. describing what exact use cases would be harmed by enabling AppArmor by default without fixing this bug first?
If someone wants to send their logs to some logging services (ELK/splunk/...) having the messages properly logged/categorized seems to be the start here.
Kind regards, Laurent Bigonville