On Thu, Oct 06, 2011 at 12:51:48PM +0200, Sascha Peilicke wrote:
On Thursday 06 October 2011 12:44:18 Ludwig Nussel wrote:
Stephan Kulow wrote:
Am Donnerstag, 6. Oktober 2011 schrieb Ludwig Nussel:
No doubt about that. I was baffled when I noticed the installed profiles are mostly useless in a default install and the init script dog slow (see also bnc#689458). Who is 'we' though? I would have expected that the security team is asked before changing security features of the distribution.
I had the impression you and Marcus at least are part of this list. http://lists.suse.de/opensuse-factory/2011-08/msg00345.html triggered no response and as such Sascha changed the patterns.
I don't read each and every mail esp if the subject seems uninteresting. Hehe, unrelated to that, cboltz started fixing the profiles we ship, so apparmor even got better after we removed it from the default patterns :-)
And therefore we turn it on by default again? Oh, yes, the initial startup time of the system is more important than security. Can't we populate the apparmor cache as part of the installation/ upgrade/ maintenance of the system? AA caused issues to Samba in the past. Nevertheless I like to have it enabled by default again. With profiles wher we're not sure if they work correctly we might run it in complain mode. This reminds me to the open issue we had discussed in the past with regard to Samba, YaST, AA, and newly added shares. \: Lars -- Lars Müller [ˈlaː(r)z ˈmʏlɐ] Samba Team SUSE Linux, Maxfeldstraße 5, 90409 Nürnberg, Germany