1. Have a simple default configuration for Samba, like in Ubuntu where it simply works out of the box. a. Fix AppArmor so it isn't battling with Samba constantly.
2. AppArmor desktop notifier. It would be nice for the user to know when AppArmor blocks something, and be able to click straight through to the Profile Update wizard. But even somethin as simple as a system announcement would be superior and be picked up by the KDE notification system.
While the idea behind AppArmor is good, the whole concept dies without maintenance. Ideally, upstream projects would care for AppArmor profiles (as much as they would care for SELinux), or if not, beloved packagers would spend their precious time maintaing AppArmor profiles for each of the many thousands of packages that are currently in Factory. Reality hits hard in that case, we have around 10 services that have really working, up-to-date AppArmor profiles. The other profiles we ship come from Ubuntu and do not necessarily match or packages. The packages with the most security issues have none (like Firefox, Flash player, Adobe Reader). The question is, why do we force this onto (primarily) desktop users by default? I'm sure, the seasoned admins using openSUSE will cry out loud, how we could actually think about such a move. But really, we should either don't enable AppArmor and/or don't even install the packages by default. It just doesn't make any sense. For most users, the AppArmor experience only involves silently failing applications, as we lack desktop integration (as you mentioned). And it's one of those daemons (together with auditd) that are usually removed first on any fresh installation. Everyone that would complain about such a move is invited to fix the profiles we have or even create _and maintain_ new ones. Otherwise I proposing a grace period for people to step up and get rid of this for 12.1. However, the situation is completely different on SLE, but that's not to be discussed here, please. -- Mit freundlichen Grüßen, Sascha Peilicke