On Monday 09 December 2013 16:44:37 Claudio Freire wrote:
On Mon, Dec 9, 2013 at 5:29 AM, Sascha Peilicke
wrote: Running "aa-logprof" is no big deal for an experienced admin, but having
ready-to-go apparmor profiles would make life easier for the newbie.
Haha, good one. I have seen several profiles created by "experienced admins" and its really hard to not open up more than you have too. Do you know why we switched it off by default in the first place?
False sense of security due to bad profiles?
Unfortunately, yes. Part two was apparmor's opaqueness for the (desktop) end user. I think the latter point is mostly solved since cboltz did a hell of a job updating / fixing apparmor profiles. Still, I don't think enabling by default provides much value out of the box. Therefore we have far to little profiles available. I'd personally favor the current opt-in approach. People with security demands can probably <strike>copy-paste</strike>carefully create profiles themselves that are tied to their specific environment. Generic profiles for everything are always too loose for somebody and to strict for somebody else.
I would like, however, that packagers were encouraged (while not forced) to provide profiles.
I would like that too. However, so far this didn't really happen.
Good ones or not, that should be decided in a review by the security team I'd guess.
Good point, the review team can definitely ask security when apparmor profiles are added or changed. However, this can only be informal. We can't decline Factory submissions because the apparmor profile is wrong unless we declare that a goal for the distro. -- With kind regards, Sascha Peilicke SUSE Linux GmbH, Maxfeldstr. 5, D-90409 Nuernberg, Germany GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer HRB 16746 (AG Nürnberg) -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org