https://bugzilla.novell.com/show_bug.cgi?id=561152
https://bugzilla.novell.com/show_bug.cgi?id=561152#c19
--- Comment #19 from Elmar Stellnberger 2011-03-30 16:26:23 UTC ---
I believe we should have disabled all the apparmor profiles that don`t work
for the 11.4 release by default. Perhaps we find someone who can reliably test
through all of them. However we do still have enough time till the next release
so that we could approach a better solution:
Let auditd mirror all apparmor access denial messages to the console where
the program runs by default. This will avoid confused and perplexed users who
have no idea on why normal standard programs just don`t want to work. As a
goody we can output a message like "unprotect this program by 'complain
/etc/apparmor.d/sbin.dhclient' and complain
'/etc/apparmor.d/sbin.dhclient-script'".
The profile I have posted for dhclient lately does only cover the core
functionality of retrieving a dynamic IP but not nameserver router or wlan
configuration. Perhaps I will catch some time in late summer or autumn to
leverage updates for core profiles. To me personally if I consider it again
approaching to deploy SELinux does also become increasingly interesting since
it now offers protection for Xorg which Apparmor does not. An in deed curcial
component on every graph. desktop system. We don`t have the resources to extend
Apparmor as far as this; do we?.
--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.