[Bug 531512] New: Yast AppArmor - Unable to Save Changes to:- and Serious Problems with the WHOLE Collection of AppArmor Icons off YaST
http://bugzilla.novell.com/show_bug.cgi?id=531512 Summary: Yast AppArmor - Unable to Save Changes to:- and Serious Problems with the WHOLE Collection of AppArmor Icons off YaST Classification: openSUSE Product: openSUSE 11.1 Version: Final Platform: x86-64 OS/Version: openSUSE 11.1 Status: NEW Severity: Major Priority: P5 - None Component: AppArmor AssignedTo: jeffm@novell.com ReportedBy: alpha096@virginbroadband.com.au QAContact: qa@suse.de Found By: --- User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-GB; rv:1.9.0.10) Gecko/2009042700 SUSE/3.0.10-1.1.1 Firefox/3.0.10 Security Event Notification - where the severity cannot be changed from 0 and saved to any other value. Security Event Report - where it is not possible to save a different export type other than 'both' Security Event Report - where the 'Next" button closes the Window and sub service of AppArmor. Add Profile Wizard - Create a test profile name>Next> I dont know what language "lbarsov, espenbo, kover" options are written in. The help for this page, whilst comprehensive, does not discuss why this application needs an online internet connection? The Help for just about all AppArmor screen, in particular the help on "Add Profile Wizard, is informative but lacks realistic examples and its hard to read - Its a bit like reading 'BIND ' In the Add Profile Wizard is is possible to create the application 'test' and the 'browse button browses the root of the directory structure. The AppArmor 'Profile Repository setup' from the 'Add Profile Wizard' offers a Dialogue Window, with no associated help on the window and can only be switched between "create a new user" and "login as a registered user" or "Cancel" without any explanation nor clarification. If the "Cancel" button is used to close the "register or login window" it closes to a blank screen with the mid of the whole process not being completed with "Next" where upon the Add Profile Wizard closes. Reproducible: Always Steps to Reproduce: 1.its a disaster - the whole lot of all AppArmor controls in this and other bug reports that are not duped 2. 3. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=531512 Scott Couston <alpha096@virginbroadband.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |alpha096@virginbroadband.co | |m.au Depends on| |531162 -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=531512 User alpha096@virginbroadband.com.au added comment http://bugzilla.novell.com/show_bug.cgi?id=531512#c2 --- Comment #2 from Scott Couston <alpha096@virginbroadband.com.au> 2009-10-25 04:36:12 MDT --- QA! Please chase status. This whole module in YAST is an absolute disaster -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=531512 http://bugzilla.novell.com/show_bug.cgi?id=531512#c Katarina Machalkova <kmachalkova@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|P5 - None |P3 - Medium Status|NEW |ASSIGNED -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=531512 http://bugzilla.novell.com/show_bug.cgi?id=531512#c Katarina Machalkova <kmachalkova@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|kmachalkova@novell.com |jsrain@novell.com -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=531512 http://bugzilla.novell.com/show_bug.cgi?id=531512#c3 Jozef Uhliarik <juhliarik@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |juhliarik@novell.com AssignedTo|jsrain@novell.com |juhliarik@novell.com --- Comment #3 from Jozef Uhliarik <juhliarik@novell.com> 2010-03-23 18:24:00 UTC --- OK guys "I am" new maintainer of yast nodule for AppArmor. I try to fix it. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=531512 https://bugzilla.novell.com/show_bug.cgi?id=531512#c Jozef Uhliarik <juhliarik@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|juhliarik@novell.com |jsrain@novell.com -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=531512 https://bugzilla.novell.com/show_bug.cgi?id=531512#c4 --- Comment #4 from Scott Couston <scott@aphofis.com> 2011-09-08 07:24:05 UTC --- Created an attachment (id=449712) --> (http://bugzilla.novell.com/attachment.cgi?id=449712) Security IS a real Global threat we continue to ignore and provide inadequate protection - See hyperlinks in pdf -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=531512 https://bugzilla.novell.com/show_bug.cgi?id=531512#c5 --- Comment #5 from Scott Couston <scott@aphofis.com> 2011-09-08 07:25:21 UTC --- In all seriousness I think the whole Yast Module front end to Apparmour needs a TOTAL rewrite after much reflection. The module has no real thought progression form in its current useless state 1 Turning it on with options to add new learned profiles 2 Notification types and severity's on each profile 3 Changing it with options to email notifications (POP) VIA TLS/SSL + sendmail 4 Demand Reporting options to screen or printer Comprehensive help screen within yast help + add every apparmour event to audit logs for applications the centrally view, read and act on hundreds of PC's - Complex Event Processing Application - already exist The only trouble with apparmour as it is now, the user has no idea if its working or doing anything. Its not a big ask to expect final QA certification of the state of the original and current module +Actually working and the GUI interface actually doing something -Sorry guys we dont need to be wise in hindsight to expect this basic level of quality -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=531512 https://bugzilla.novell.com/show_bug.cgi?id=531512#c Scott Couston <scott@aphofis.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |NEW Component|AppArmor |AppArmor Version|Final |Milestone 1 AssignedTo|jsrain@suse.com |jeffm@suse.com Product|openSUSE 11.1 |openSUSE 12.1 Target Milestone|--- |Milestone 1 Summary|Yast AppArmor - Unable to |Yast AppArmor - Serious |Save Changes to:- and |Problems with the WHOLE |Serious Problems with the |Collection -Strongly |WHOLE Collection of |Suggest Total Rewrite |AppArmor Icons off YaST | -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=531512 https://bugzilla.novell.com/show_bug.cgi?id=531512#c Scott Couston <scott@aphofis.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |717152 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=531512 https://bugzilla.novell.com/show_bug.cgi?id=531512#c Christian Boltz <suse-beta@cboltz.de> changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|jeffm@suse.com |juhliarik@novell.com -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=531512 https://bugzilla.novell.com/show_bug.cgi?id=531512#c Bug 531512 depends on bug 531162, which changed state. Bug 531162 Summary: The Addition of YaST>Apparmour>Update Profile wizard does not hint at which type of password nor does it even function it the correct ones are inserted. http://bugzilla.novell.com/show_bug.cgi?id=531162 What |Old Value |New Value ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |WONTFIX -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=531512 https://bugzilla.novell.com/show_bug.cgi?id=531512#c7 Jiri Srain <jsrain@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO InfoProvider| |scott@aphofis.com AssignedTo|jeffm@suse.com |jsrain@suse.com --- Comment #7 from Jiri Srain <jsrain@suse.com> 2011-09-29 09:31:37 UTC --- Scott, I'm trying to look into this bug. You are right that the YaST AppArmor module deserves a rewrite, but still think that this can be done continuously as individual components of AppArmor are developing as well; it makes no sense to rewrite YaST knowing that it will have to be rewritten again for next version of AppArmor. To your bug in the initial comment: Security Event Notification is now fixed (in SVN trunk, will go to Factory latest early next week) Security Event Report - where it is not possible .... don't understand this one Security Event Report - where the 'Next" .... fixed in SVN trunk Add Profile Wizard - I could not find the texts which you mentioned anywhere; still valid in Factory? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=531512 https://bugzilla.novell.com/show_bug.cgi?id=531512#c8 --- Comment #8 from Jiri Srain <jsrain@suse.com> 2011-09-29 09:48:59 UTC --- Regarding help texts: It would be really helpful if you could suggest the improvements in a more specific way - unlike the developers, you are user without the full background (sorry if this sounds offensive, I hope you know what I mean here) - therefore you can much better add parts which sound too obvious to us. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=531512 https://bugzilla.novell.com/show_bug.cgi?id=531512#c9 --- Comment #9 from Jiri Srain <jsrain@suse.com> 2011-09-29 12:39:49 UTC --- Add Profile Wizard's first step is now a full-window dialog. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=531512 https://bugzilla.novell.com/show_bug.cgi?id=531512#c10 Scott Couston <scott@aphofis.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |NEW InfoProvider|scott@aphofis.com | --- Comment #10 from Scott Couston <scott@aphofis.com> 2011-10-01 00:54:29 UTC --- Jiri Scott, I'm trying to look into this bug. You are right that the YaST AppArmor module deserves a rewrite, but still think that this can be done continuously as individual components of AppArmor are developing as well; it makes no sense to rewrite YaST knowing that it will have to be rewritten again for next version of AppArmor ITOTALLY AGREE! When we add new modules to the Apparmour range under its Yast Heading we just need to maintain continuity of the entire Apparmour Modules if each change takes time. Security Event Report - it is not possible to save a different export type other than 'both' - Security Incident Report>Edit>.. Security Event Report - where the 'Next" button closes the Window and sub service of AppArmor. -Security Event Report>Add> The first planet will not validate important fields left blank AND moreover after we more into second stage with 'Next" there is no validation of mandatory items, like filename Add Profile Wizard - Create a test profile name>Next> I dont know what language "lbarsov, espenbo, kover" options are written in. -Add Profile Wizard>type in a name and hit 'Create' - See attached - I totally agree I dont know the full background of Apparmour - BUT as a user I expect it to work or function as designed - Its not a big ask for something to work and the state Apparmour has been in since 10.2 ( My first version) cannot show that it actually does 'something' I would be happy to write English Help if you want to send me the new YAST as a RPM and functional spec on .PDF - Too easy for you Hope this helps Jiri -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=531512 https://bugzilla.novell.com/show_bug.cgi?id=531512#c11 --- Comment #11 from Scott Couston <scott@aphofis.com> 2011-10-03 00:42:22 UTC --- Created an attachment (id=454109) --> (http://bugzilla.novell.com/attachment.cgi?id=454109) Image to clarify confusion of Add Profile Wizard - I could not find the texts which you mentioned anywhere; still valid in Factory Jiri - Dont worry - You never insult me at all - Even though most users are volunteers I still treat the project with professionalism. Nothing I write is ever meant to be personal - I have been working in I.T for over 28 years now. I helped create 'secure flight' if you want to google it - The box is in the U.K! I would be most happy to write English technical help/Help Screens in Yast. I have written functional specifications for both technical and non technical audiences countless times. Ask me for anything please :-) I am sure you are aware of the world wide, agreement; for the first time, that the Internet needs to become a great deal more secure. I know there are huge efforts being made to try and achieve this at a very high level. If you look at the dependant bugs you can see my thoughts on Drastically Enhancing Security. In short I thing we can to do a few major things. 1. Get rid of this hopeless external/Internal zone firewall stuff - It offers little security AND hampers any further attempts to increase security. 2. As we do have the processing power, unlike our competitor, we can build an ALG process where we can filter the payload data or the TCP part of HTTP/FTP/VOIP 3. Move ALL data payload traffic to HTTPS/POP3-SSL/FTP-SSL....etc. via the huge implementation of the PKI's world wide in huge numbers, however the problem here is SELF signed certificates...I have many ideas and happy to talk about security - Its my Full-Time job - IPV6 will solve nothing as far as security goes...Sorry for the lengthy texts from me always...:-) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=531512 https://bugzilla.novell.com/show_bug.cgi?id=531512#c12 --- Comment #12 from Jiri Srain <jsrain@suse.com> 2011-10-04 08:09:22 UTC --- I will send you an RPM once I build it (resp. I will submit it to Factory). To ease the stuff for now, I have disabled the Reports module - because aa-eventd was disabled in upstream AppArmor without its replacement. I realized that after writing my comments above. I will re-enable (and fix) it when AppArmor provides this functionality again. Now I'm going to look where the weird words come from. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=531512 https://bugzilla.novell.com/show_bug.cgi?id=531512#c13 Jiri Srain <jsrain@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO InfoProvider| |suse-beta@cboltz.de --- Comment #13 from Jiri Srain <jsrain@suse.com> 2011-10-04 11:12:45 UTC --- I tried to reproduce the weird strings, but failed. I fact, I even could not find the dialog in the screenshot, could you, please, specify the version of openSUSE, yast2-apparmor as well as all apparmor packages? Or, could you also reproduce it with 12.1 snapshots? Analyzing current code, there is only one place where these weird strings could get into YaST (all other radio buttons have hardcoded labels), and that comes form AppArmor itself. Cristian, as you helped me during last week, do you have any idea where they can come from? (see screenshot in comment #11) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=531512 https://bugzilla.novell.com/show_bug.cgi?id=531512#c14 Christian Boltz <suse-beta@cboltz.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |NEW InfoProvider|suse-beta@cboltz.de | --- Comment #14 from Christian Boltz <suse-beta@cboltz.de> 2011-10-04 13:35:30 CEST --- It looks like they come from the (now by default disabled) profile repo, and therefore probably from the "create profile" YaST module. To verify, go to http://apparmor.opensuse.org/profiles/find_by_name - search for /usr/bin/test and have a look at the usernames of the profiles that are listed for openSUSE 11.0 (!). That said: If the profile repo would still be used, a help or introduction text would be quite useful. For example: "There are some profiles available in the online profile repository. Please choose which user's profile you want to use and verify its content before using it." (If it isn't too much work for you, you should add that text even if this dialog is disabled currently.) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=531512 https://bugzilla.novell.com/show_bug.cgi?id=531512#c15 --- Comment #15 from Jiri Srain <jsrain@suse.com> 2011-10-04 12:40:54 UTC --- Looking at the code, the whole dialog (including the buttons below) comes from AppArmor.pm. The YaST code works only as an interpreter here. To enhance the help, it would be desirable that it was provided directly by AppArmor.pm (or at least this one needs to hint YaST that it does not show the usual contents - file, resource, which program accessed and asks for permission - but a profile from the repository. Without this information, YaST has quite a hard time to exchange even the help (well, that would only be possible based on the buttons, which does not sound error-proof). -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=531512 https://bugzilla.novell.com/show_bug.cgi?id=531512#c16 Scott Couston <scott@aphofis.com> changed: What |Removed |Added ---------------------------------------------------------------------------- OS/Version|openSUSE 11.1 |openSUSE 11.3 --- Comment #16 from Scott Couston <scott@aphofis.com> 2011-10-04 22:14:34 UTC --- My Apologies - The faults described here were taken fro RC 11.3 - its the same as in 11.1 but for clarity I have corrected the version the bugs came from. Given that we dont know if Apparmour does anything at all, and only has questionable notifications if system mail is both set and configured, and the Global movement to far greater security; 12.1 was selected for hopeful fix. The dependency bug indicates the failings of the current firewall in respect to functionality and usability and again notification of events is poorly dealt with. If we are to commit man hours to correct Apparmour then I think it would be equally as both are complementary and both can use the same code written as far as the notification mechanism at the very least. important to re-evaluate Suse Firewall. In both these bugs I am qualified to discuss highly technical aspects of functionality, admittedly I cant write the Yast front end code - I am happy to discuss and talk in highly technical security terms for both Apparmour and the SPI of Suse Firewall -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=531512 https://bugzilla.novell.com/show_bug.cgi?id=531512#c17 --- Comment #17 from Scott Couston <scott@aphofis.com> 2011-10-04 22:18:08 UTC --- Jiri, can we move to online help updates, the same way we have functional updated for all yast services?? It would make updates/corrections so easy?...Just a thought -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=531512 https://bugzilla.novell.com/show_bug.cgi?id=531512#c18 Jiri Srain <jsrain@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO InfoProvider| |scott@aphofis.com --- Comment #18 from Jiri Srain <jsrain@suse.com> 2011-10-05 13:05:35 UTC --- I have submitted latest version of the package to YaST:Head and created a submit request to Factory. Scott, as I could not reproduce the "weird strings" issue, could you, please, reproduce it and provide me the logs at that point of time when the dialog is shown? Then I will have the dump of the data transferred from the back-end and will be able to add some explanation text based on it. Use version from YaST:Head (package version 2.21.5). If you can provide suggestions for help improvements, I will appreciate it (just paste current version and suggested update either here or to an email). Thanks for your cooperation! -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=531512 https://bugzilla.novell.com/show_bug.cgi?id=531512#c19 --- Comment #19 from Bernhard Wiedemann <bwiedemann@suse.com> 2011-10-05 16:00:07 CEST --- This is an autogenerated message for OBS integration: This bug (531512) was mentioned in https://build.opensuse.org/request/show/86668 Factory / yast2-apparmor -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=531512 https://bugzilla.novell.com/show_bug.cgi?id=531512#c20 --- Comment #20 from Scott Couston <scott@aphofis.com> 2011-10-05 21:08:57 UTC --- Jiri, give me a few days - I'm in the middle of designing an Enterprise...(well I’ll be in the middle of it for the next 2 years) . Leave needinfo status until then I will give you both screen shots and logs in the coming days - Do you want ALL yast logs or can you narrow it dow for me??... I can probably suggest a few things for Apparmour...In the dependant bug I have set out a major improvement plan for Suse SPI firewall..again I'm not sure it does anything at all. I can offer suggestions for the notification Module of Apparmour which is the same thoughts for the Firewall - I'll do it along industry standards for syslog priority.. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=531512 https://bugzilla.novell.com/show_bug.cgi?id=531512#c21 --- Comment #21 from Jiri Srain <jsrain@suse.com> 2011-10-06 08:52:54 UTC --- The only log I will need is /var/log/YaST2/y2log at the point of time when the weird dialog is shown. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=531512 https://bugzilla.novell.com/show_bug.cgi?id=531512#c22 --- Comment #22 from Scott Couston <scott@aphofis.com> 2011-10-06 21:45:55 UTC --- Created an attachment (id=454960) --> (http://bugzilla.novell.com/attachment.cgi?id=454960) complete collection of apparmour image bugs Not fields are not validated, things just dont work....As this is production - all you can do is laugh to save your dismay - Title of images is of great note here. Jiri - I upload you log later in my morning -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=531512 https://bugzilla.novell.com/show_bug.cgi?id=531512#c23 Scott Couston <scott@aphofis.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |NEW InfoProvider|scott@aphofis.com | --- Comment #23 from Scott Couston <scott@aphofis.com> 2011-10-06 22:32:58 UTC --- Created an attachment (id=454964) --> (http://bugzilla.novell.com/attachment.cgi?id=454964) Log as requested Jiri, I created a Vanilla Installation and Vanilla Apparmour. The log file I attached corresponds to the pictures in the order they were taken on the particular subject. You should be able to match image with log file is ALL instances. Hope this helps. This type of coding should never have got out of University let alone into a World Wide Production System - QA should be hanged and the tester that certified the code to be put online should also hang! -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=531512 https://bugzilla.novell.com/show_bug.cgi?id=531512#c24 --- Comment #24 from Christian Boltz <suse-beta@cboltz.de> 2011-10-07 00:53:37 CEST --- Scott, just FYI: The code that was used for the reporting part (aa-eventd and Immunix::Reports) is currently unmaintained upstream (and is useless in its current state because the audit.log format changed). Therefore the reports module will not be shipped in openSUSE 12.1 (it's as useless as the unmaintained upstream code). It will come back when the reporting is fixed upstream. In the meantime, aa-notify can give you a summary of the events in audit.log. If you want a daily report, setup a cronjob that mails the aa-notify result to you. Nevertheless the other parts (create/edit/remove/... profile) should of course work. It would be very helpful if you can setup a (maybe virtual) machine with the latest 12.1 factory version - Jiri worked on the YaST modules in the HackWeek, and I upgraded the apparmor package to 2.7 beta2, which also fixes lots of bugs. Testing with 12.1 factory would have two advantages: - you are using the latest version and don't need to report already solved issues - we get the latest code tested ;-) (If you already use 12.1 factory: even better ;-) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=531512 https://bugzilla.novell.com/show_bug.cgi?id=531512#c25 --- Comment #25 from Jiri Srain <jsrain@suse.com> 2011-10-07 10:35:57 UTC --- Scott, is there the screenshot as attached to Comment #11 covered by the log? It seems to me it is not; having it covered would help me detect this situation properly and enhance the usability of this dialog... -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=531512 https://bugzilla.novell.com/show_bug.cgi?id=531512#c26 --- Comment #26 from Scott Couston <scott@aphofis.com> 2011-10-07 22:17:24 UTC --- Jiri, Unpack all the screen shots in comment #22. The title of each screen shot is specific to the problem. The screen shots explore ALL the issues with all apps headings in Yast>Apparmour -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=531512 https://bugzilla.novell.com/show_bug.cgi?id=531512#c27 --- Comment #27 from Scott Couston <scott@aphofis.com> 2011-10-08 09:19:52 UTC --- Jiri, O.T I really don't normally like testing opensuse beta software. In a commercial sense our opensuse beta release is alpha and release is beta. In this occasion I will load a non production test PC that I have with 12.1. At some time in the future I think all users need to vote on our product life-cycle and question the date driven times which dictate release of a new version. I think we waste far too many man hours just tooling up for release when these could be spent on quality. I think it would be better to have Service Pack Releases. Now on topic we have no facility that forms the delivery method of all Yast apps that have any type of notification. We can set up Apparmour notifications even though the email address field will accept anything and I mean anything...Its is a screen shot example I have given you In fact every screen shot I have given you shows the horrendous errors in almost of of Apparmour and sometime I think it best to remove the whole Apparmour code until it both works and its horrendous errors are corrected! - I know that's not going to happen. On the topic of notifications we see in the installation option 'receive system mail - (to the user) ' this can only be received if we set up system mail. The same goes for apparmour, if it indeed does anything at all in its notifications - I think it time to abandon system mail use, leave the functionality but offer contemporary SMTP/POP/SSL. We could have a notifications heading in Yast for which all notification of ANY apps that has notification fields, like apparmour would use as the global default. I think we must provide contemporary email handling well away from system email config that almost no one knows/or ever configures in their email client. As far as log files - OMG! I think we have to more to the syslog conventions of priority and its liberal message format; disposal to an IP on UDP514 (default), where the can be monitored in realtime. Yes I know its a very small addition to the syslog-ng fconfig file. Keep the log files and log-rotate by all means, but again offer a default notifications list of IP's the default of UDP514 etc but put the log entries into Industry standards! This too could set nicely in the same notifications subset in Yast as well as SMTP/SSL disposal as in the above. I am not going to waist time writing up a feature request for Yast, this could be far easily driven and done inhouse. I'll play with 12.1 for you mate Scott - Sorry for the Epistle:-) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=531512 https://bugzilla.novell.com/show_bug.cgi?id=531512#c28 --- Comment #28 from Scott Couston <scott@aphofis.com> 2011-10-08 09:23:52 UTC --- Jiri, Forgot - If its o.k with you I'll move the target to 12.2 - I had no idea 12.1 was at factory and we must think about fixing the Suse Firewall as in the dependant bug. Security is now a much talked about Global concern we we are well behind in many ways and M.S has gone off the deep end with their solution - mainly as the have no processing ability left to squeeze out! -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=531512 https://bugzilla.novell.com/show_bug.cgi?id=531512#c29 --- Comment #29 from Scott Couston <scott@aphofis.com> 2011-10-10 22:35:24 UTC --- Sorry Christian, Comment #27 is very much for you as well It would also be advantageous for you to view all the JPG attachments title of "complete collection of apparmour image bugs" To be perfectly honest, after you view the JPG images, I dont believe Apparmour does anything at all - I hope Global Yast notification addition and Syslog Standards in C#27 has a great deal of merit but like all changes to Yast they must be driven internally and this burden I leave with you and Jiri I cannot stress the importance of viewing all JPG images titled 'complete collection of apparmour image bugs' -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=531512 https://bugzilla.novell.com/show_bug.cgi?id=531512#c30 Jiri Srain <jsrain@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO InfoProvider| |scott@aphofis.com --- Comment #30 from Jiri Srain <jsrain@suse.com> 2011-10-11 06:48:14 UTC --- Scott, I think that we should change the way to tackle the AppArmor module. I don't want to question the fact that it deserves a complete rewrite, anyway, as I'm not able (time-wise) to do it and don't think anyone else wants to step in, we need a different approach. Having a list of screens which should be changed is useful - but, to be honest, not that much if it includes almost every screen. Also, it is not easy to track the progress. Could you, please, identify the three top issues of the module and file them as separate bugs (and assign them to me)? I don't want to pick them myself, you as someone who actually uses the module can do much better job here. Then it will be much easier to fix them one-by-one, in the order of severity for you - a real user. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=531512 https://bugzilla.novell.com/show_bug.cgi?id=531512#c31 --- Comment #31 from Christian Boltz <suse-beta@cboltz.de> 2011-10-11 21:04:48 CEST --- (In reply to comment #29)
I have viewed all the JPGs, and, big surprise, they don't look cryptic to me ;-) because I know enough about AppArmor. That doesn't make the YaST modules really good and easy to use, but explains the problem - people who know AppArmor will also understand the YaST modules (which are basically a clickable GUI for the aa-* commandline tools).
I dont believe Apparmour does anything at all -
Trust me - it does ;-)
I cannot stress the importance of viewing all JPG images titled 'complete collection of apparmour image bugs'
As I said: basically YaST makes the aa-* commandline tools clickable. For people who know AppArmor, that's perfectly fine (I prefer the commandline tools, but that's OT here). For people who don't know anything about AppArmor, the YaST dialogs are as understandable (or not) as the aa-* tools on the commandline. The easiest bugfix would be to recommend to RTFM ;-) (there's a nice chapter about AppArmor in the openSUSE security guide) but I know that users don't like to read the fine manual ;-) even if it would be a very good idea when it comes to security-relevant topics like AppArmor. That said, I agree with Jiri's proposal: name the top 3 issues that should be fixed step by step, and if possible, describe how to make them better. (And please don't read the manual before doing that - you would no longer be a "real user" ;-)) Oh, and BTW: (In reply to comment #27)
[...] this could be far easily driven and done inhouse.
Inhouse? Do you see any @suse.com or @novell.com in my mail address? ;-) I'm "only" a community member who cares about the apparmor package since some months (and about the profiles since a longer time). The reason is fairly simple: I need AppArmor on my servers. Not more, not less ;-) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=531512 https://bugzilla.novell.com/show_bug.cgi?id=531512#c32 Scott Couston <scott@aphofis.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |NEW InfoProvider|scott@aphofis.com | --- Comment #32 from Scott Couston <scott@aphofis.com> 2011-10-11 21:21:32 UTC --- Christian - I never underestimate the good other members do - I cannot comment directly in this form of the different undertone that Yast has. Saying Trust me it works is about as logical as 'Trust me I'm a doctor...(giggles) As for Yast Apparmour working --- The whole notification Module does nothing.... Jiri, sorry about the above Your quote below has great merit and logic! :-)
Yes off course I see the value in your thoughts and will assist with 3 separate BUGs. I will change the action code here soon and link but not make dependant the 3 new bug types...Did you get a laugh at the notification example.. I think using the email field to enter Jiri@#######.overworked.com was the perfect example of a field that will accept ANY character and then do nothing about a valid entry..Which comes down to the only valid entry is to use a system mail format NOT POP3...Words fail me with this one.. I get it done mate...:-) Scott -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=531512 https://bugzilla.novell.com/show_bug.cgi?id=531512#c33 --- Comment #33 from Christian Boltz <suse-beta@cboltz.de> 2011-10-12 00:25:15 CEST --- (In reply to comment #32)
And that's why 12.1 will not contain the notification module ;-) (see comment #24 for the details). My statement was meant for the things that are available in 12.1, and I'm quite sure they work. And at least my statement was more correct than your "I dont believe Apparmour does anything at all" *g,d&r* BTW: It's "AppArmor", not "AppArmo_u_r" - but your version sounds lovely *SCNR* That said: Let's avoid over-general statements (like "$program is bug-free") - they'll never be 100% correct ;-) Instead, let's get the work done to make openSUSE better!
-- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=531512 https://bugzilla.novell.com/show_bug.cgi?id=531512#c34 Jiri Srain <jsrain@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |WONTFIX --- Comment #34 from Jiri Srain <jsrain@suse.com> 2011-11-02 09:59:05 UTC --- I'm closing this bug, as, as I wrote above, it is unhandle-able. Scott, please, file me few most critical issues as I suggested above. Please, base them on latest 12.1/Factory. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=531512 https://bugzilla.novell.com/show_bug.cgi?id=531512#c35 --- Comment #35 from Scott Couston <scott@aphofis.com> 2011-11-03 21:57:32 UTC --- Sorry Jiri for the Critical but from a user concept there is no proof it works at all. I cannot understand why you wound say Christian that there's nothing wrong in the images. Every single image shows that fields are not validated, infact you can enter anything at all and even use non-asci characters. There is no facility to provide SMTP services for 'email notifications' - The premise that the notification fields reply on system email is not valid. The selection of a severity notification does not hold as modified after setting and reopening the module. Without the ability to provide notifications, having modification made and saved, provide no facility to send out the alerts - Tells me that the Yast Module on Apparmour does nothing and is broken to say the least. Every image shows an error in the GUI that just does not work, or does nothing, or is 'UNUSABLE' - Put you user cap on and stop being a teck...Thats what we all do - we want to make the whole product usable..but then.... I remind myself that NO modification is ever made to Yast as a result of a user issue..I would suggest you not try to convince me otherwise as it would cause your mail server to fal over with all the new message repeats :-0 Yes I understand that all of Yast is a front end to command lines - Microsoft had a product that was totally dependant on command lines once - It died as the premise that every user is also a I.T teck of some sort did not work out too well. Personally I would love nothing more than command line inputs, but without a GUI interface that is usable and works...we will eventually go the way of DOS. The whole reason for the existence of a GUI is that it makes the whole product usable - Personally I dont mind if its there or not, but the rest of the planet certainly does. Until we test every GUI application, front end etc. before RC, our product is doomed for a very very slender part of the world market -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=531512 https://bugzilla.novell.com/show_bug.cgi?id=531512#c36 --- Comment #36 from Jiri Srain <jsrain@suse.com> 2011-11-04 09:35:10 UTC --- Scott, I don't convince you that the module is perfect. But just sending an image without stating what's wrong with that particular screen simply does not work. If you see any deficiency in a dialog, then describe it. "Find it in the image yourself" simply does not work. That's why I suggested to pick few most urgent issues and report them as a separate bug - because a beast like this one is not possible to be handled. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=531512 https://bugzilla.novell.com/show_bug.cgi?id=531512#c37 --- Comment #37 from Scott Couston <scott@aphofis.com> 2011-11-20 14:51:06 UTC --- My Apologies for the delay – I had a few weeks holiday. With respect to my 'strien' language OOOps...Yes I now understand the bad inference with my spelling AppArmor...Its not easy switching between English US to UK to AU depending on who you are talking to. There is nothing really cryptic about the images and the naming convention of the images. Putting a user GUI hat on we want that user to understand the directory nature of where all applications are stored so the browse button does NOT prepare a user to find application to protect easily. If fact is very hard for a user to fund the files which launch all application if they want to build a propile to protect that application. Likewise we are assuming the user understands the report writer in Yast and what all the library files contain and do...Its not happening for a user in this respect. When I say that AppArmor does not do anything and does not work this is based on the user concept of: If you cannot produce a report that can be understood – It does not work If you cannot set priorities and severities that remain selected once modified, It does not work If you cannot provide email notification on anything – It does not work... For something to work the UI needs to be credible...Its not!The UI also needs to be friendly in the browse box – Its not The UI needs to be able to product a readable report on demand – Its not. The UI needs to be able to notify a user. It can't Just about all fields of the 'Control Panel' are not validated or cannot hold a modification – Therefore – It does not work … The whole setup and flow of the UI is stupid...Select the 'Control Panel' and it opens Configuration I think you get the idea........It may work beautifully as a console input/output so why do we bother to try to create a GUI that 'does not work -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=531512 https://bugzilla.novell.com/show_bug.cgi?id=531512#c38 --- Comment #38 from Scott Couston <scott@aphofis.com> 2011-11-30 21:32:15 UTC --- There is NOTHING cryptic is all the images - If you unpack the attachment 'complete collection' the file names of the errors that are evident to the image are perfectly clear - I gather no one has done this..The image file name are an exact description of what is wrong with the image files supposed function - You may consider reopening this bug after you can see the description of the bug in the image file name -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=531512 https://bugzilla.novell.com/show_bug.cgi?id=531512#c39 Scott Couston <scott@aphofis.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Resolution|WONTFIX | --- Comment #39 from Scott Couston <scott@aphofis.com> 2011-12-01 20:18:40 UTC --- Jiri at the very least could you please unpack the image files. Viewing them without seeing the file name does not tell you anything about the fault that is in the image file. You can close as wontfix again if you want, but I would ask you to please unpack the image files so you can see that there’s nothing cryptic! The long name of the im,age file is descriptive of the error/bug in the image...Thanks - You know me a little better than writing up lengthy descriptive bug without due concern - Thanks -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=531512 https://bugzilla.novell.com/show_bug.cgi?id=531512#c Scott Couston <scott@aphofis.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|REOPENED |NEEDINFO InfoProvider| |jsrain@suse.com -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=531512 https://bugzilla.novell.com/show_bug.cgi?id=531512#c40 Jiri Srain <jsrain@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |RESOLVED InfoProvider|jsrain@suse.com | Resolution| |WONTFIX --- Comment #40 from Jiri Srain <jsrain@suse.com> 2011-12-02 12:03:48 UTC --- Scott, I of course unpacked the archive and checked the images - not all, just few random ones. profile-wizard-1 does not say what is wrong with it. And, additionally, as I said: Because I help with AppArmor module more or less in my spare time, it is hard to track multiple bugs in one report. That's why I asked for one bugreport per bug - and, in order to spend the time as usefully as possible, pick just few which are most important for you for the beginning. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=531512 https://bugzilla.novell.com/show_bug.cgi?id=531512#c41 --- Comment #41 from Scott Couston <scott@aphofis.com> 2011-12-03 01:05:15 UTC --- My Apologies for jumping to a conclusion. I can open a new bug and detail the errors in just 1 of the 7 categories in Yast. I can see that this would be so much more helpful and I am guessing easier to fix! As I will be happily dealing with you - I am happy to do this as I know I wont get a wonfix back asking me to keep it all together. O.T. God is looks terrible and hard in .EU atm - Thank goodness for Germany and France. Watching Al-Jazeera news and DW TV puts the world in a better perspective - remember there’s nothing newsworthy in the southern hemisphere:-) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=531512 https://bugzilla.novell.com/show_bug.cgi?id=531512#c Scott Couston <scott@aphofis.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks|717152 | -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=531512 https://bugzilla.novell.com/show_bug.cgi?id=531512#c42 --- Comment #42 from Christian Boltz <suse-beta@cboltz.de> 2011-12-03 17:08:39 CET --- (In reply to comment #41)
I can open a new bug and detail the errors in just 1 of the 7 categories in Yast.
Thanks in advance! Please make sure to base your bugreports on openSUSE 12.1. Some YaST modules there already got some small fixes, and others were removed because the underlying code for reporting (aa-eventd) in apparmor is deprecated and doesn't understand the new audit.log format. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com