https://bugzilla.novell.com/show_bug.cgi?id=561152 https://bugzilla.novell.com/show_bug.cgi?id=561152#c19 --- Comment #19 from Elmar Stellnberger <estellnb@gmail.com> 2011-03-30 16:26:23 UTC --- I believe we should have disabled all the apparmor profiles that don`t work for the 11.4 release by default. Perhaps we find someone who can reliably test through all of them. However we do still have enough time till the next release so that we could approach a better solution: Let auditd mirror all apparmor access denial messages to the console where the program runs by default. This will avoid confused and perplexed users who have no idea on why normal standard programs just don`t want to work. As a goody we can output a message like "unprotect this program by 'complain /etc/apparmor.d/sbin.dhclient' and complain '/etc/apparmor.d/sbin.dhclient-script'". The profile I have posted for dhclient lately does only cover the core functionality of retrieving a dynamic IP but not nameserver router or wlan configuration. Perhaps I will catch some time in late summer or autumn to leverage updates for core profiles. To me personally if I consider it again approaching to deploy SELinux does also become increasingly interesting since it now offers protection for Xorg which Apparmor does not. An in deed curcial component on every graph. desktop system. We don`t have the resources to extend Apparmor as far as this; do we?. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.