Mailinglist Archive: opensuse (3337 mails)

< Previous Next >
apparmor - nuisance or blessing?
  • From: Per Jessen <per@xxxxxxxxxxxx>
  • Date: Wed, 19 Apr 2006 09:47:48 +0200
  • Message-id: <e24pv4$d64$1@xxxxxxxxxxxxxxxx>
I'm aiming at starting a debate here - not solving a problem.

I'm currently testing/running 10.1RC1 on a couple of systems, but the
version is really less important. I've got a few changes to make to the
postfix config, and frankly, apparmor keeps getting in my way. I
change a transport map in main.cf, apparmor complains. I add an smtpd
daemon in master.cf, app-armor complains.

Novell (in the shape of Seth Arnold) have been very forthcoming with
help and suggestions, which I much appreciate, but - if it wasn't for
apparmor, I'd have a lot less to do.

After I modify e.g. /etc/postfix/main.cf, I may need to run 'aa-genprof'
as appropriate to update apparmors profile. Whether my changes
necessitate an apparmor profile update I can only tell by restarting
postfix, then check either /var/log/mail or /var/log/audit/* for
errors.
And frankly, that becomes a bit of a nuisance. Does apparmor really
have to watch my every move? Is there perhaps a warning mode switch I
haven't spotted?


/Per Jessen, Z├╝rich


< Previous Next >
Follow Ups