Mailinglist Archive: opensuse (3337 mails)

< Previous Next >
Re: [opensuse] apparmor - nuisance or blessing?
  • From: Marcus Meissner <meissner@xxxxxxx>
  • Date: Wed, 19 Apr 2006 14:26:06 +0200
  • Message-id: <20060419122606.GA19190@xxxxxxx>
On Wed, Apr 19, 2006 at 02:21:46PM +0200, Per Jessen wrote:
> Alexey Eremenko wrote:
>
> > AppArmor can be turned off. If you have problems with it - turn it
> > off.
>
> Yeah, I know. I did also suggest to Novell to have it turned off by
> default, but their reasoning was to leave it on by default to create
> more feedback. Which in a way makes sense, except when you have to
> update apparmor profiles whenever you change the slightest config.
> That's why I thought it might make sense if apparmor didn't see things
> as either black or white, but would just warn people when it detects
> something unexpected. Otherwise Novell will end up with zero feedback
> because everyone just turns it off.

You can set profiles to "complain" instead of "strict" mode.

foo flags=(complain) {
... stuff ...
}


Or use the "complain" helper program, see "man complain".

Ciao, Marcus

< Previous Next >
Follow Ups