http://bugzilla.novell.com/show_bug.cgi?id=506704 Summary: disable network if Apparmor can not be launched Classification: openSUSE Product: openSUSE 11.1 Version: Final Platform: All OS/Version: openSUSE 11.1 Status: NEW Severity: Normal Priority: P5 - None Component: Basesystem AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: estellnb@gmail.com QAContact: qa@suse.de Found By: --- User-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux) KHTML/3.5.10 (like Gecko) SUSE Lately I have tried kernel-rt from the buildservice but did not know that it does not offer the kernel hooks needed to run Apparmor like that would have been the case for a vanilla kernel. My proposal would be to simply keep the network down if Apparmor is to be launched but can not be launched due to some reason and to notify the user that the network has not been initilized as a precaution. The user may invoke an rcnetwork restart if he really needs nw-access. Most times a vanilla kernel will just be used for testing anyway so that no nw acess should be necessary. Secludingly I wanna state that it should not be possible to circumvent the security measures of Apparmor by simply preventing it to be loaded for any reason without the user being notified about it. Reproducible: Always -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.