https://bugzilla.novell.com/show_bug.cgi?id=724829 https://bugzilla.novell.com/show_bug.cgi?id=724829#c4 --- Comment #4 from Sascha Peilicke <speilicke@suse.com> 2011-11-14 14:49:39 UTC --- If $FOO would be helpful when $CONDITION is met, we should wait for $CONDITION to happen. Enabling by default means maintaining it, means updating profiles once application behavior changes. This usually includes bug reports of 'broken' apps first. Maybe the majority of confined services don't change that much, but I would like to see a real assessment of AppArmor before we pretend it adds any value. Even if we have some profiles, are we really sure they actually do what they're supposed to do (i.e. catch all security-relevant cases) or is this just a it-feels-safer (tm) solution? Has it been proven that AppArmor itself isn't subject to security issues? Are there reported cases where it really defeated a security breach? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.