On Tuesday 10 January 2006 18:22, Andreas Jaeger wrote:
"Joseph M. Gaffney"
writes: Excellent news... do we know if it will it be enabled by default, like SELinux on many other distros?
I plan to install the packages by default if you do a basic installation.
Good idea.
Enabling of the profiles is something I'd like to see in the end - the question is whether the profiles can be preconfigured in such a way that the users do not need to make additional changes to have a working and secured system. So, for beta1 I plan to not enable it by default and hope that people enable for testing and report back.
It might take a while to get to the 'enabled by default' stage. I was bitten in the early stages of using AppArmor by the simple fact of not remembering it was enabled to start at boot. You can get some strange results depending on the application, e.g. a PHP script that would try to start but immediately stop with an error stating that it couldn't read itself! You need to remember to watch the /var/log/messages file for subdomain errors.
But let's ask the AppArmor developers on what they think and how to help them best,
I'm very willing to contribute the few profiles that I've created - NetMail 3.5x, eDirectory 8.7x and one or two other more minor applications.
Andreas
Cheers Pete