[Bug 893270] New: Yast AppApprmor - Removal of Functional Aspect to Create an AppArmor Profile by Self Learning an Application Execution
https://bugzilla.novell.com/show_bug.cgi?id=893270 https://bugzilla.novell.com/show_bug.cgi?id=893270#c0 Summary: Yast AppApprmor - Removal of Functional Aspect to Create an AppArmor Profile by Self Learning an Application Execution Classification: openSUSE Product: openSUSE 13.1 Version: Final Platform: x86-64 OS/Version: openSUSE 13.1 Status: NEW Severity: Major Priority: P5 - None Component: AppArmor AssignedTo: suse-beta@cboltz.de ReportedBy: secure@aphofis.com QAContact: qa-bugs@suse.de Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Firefox/31.0 The ability for Apparmor to create a profile by self leaning the use of an application has been removed. AppArmor's functional aspects get removed 1 after another. The ability to create an email notification has gone in 12.3 but the creation of a Mail Server to facilitate email notification is Yast works perfectly well. I'm not sure what taught at Uni now but for an application to have its functionality removed rather than corrected or fixed was known as not the way to develop software. If an aspect or API in this case doesn't work we just dont get rid of it or are there other reasons I'm not aware of please. Is AppArmor no longer a Major System Benefit the on the Side of our Boxes of software? Reproducible: Always Steps to Reproduce: 1. 2. 3. Actual Results: Removal of Functionality Expected Results: Correction and Enhancement of functionality -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=893270
https://bugzilla.novell.com/show_bug.cgi?id=893270#c1
Christian Boltz
The ability for Apparmor to create a profile by self leaning the use of an application has been removed. AppArmor's functional aspects get removed 1 after another.
The commandline tools (aa-logprof etc.) still work and are actively maintained. AppArmor 2.9 will even include some new tools - the most important ones are aa-mergeprof (to merge two profiles) and aa-cleanprof (to remove duplicated/superfluous rules). I'm not involved in the YaST side of things, so let me assign this bug to the YaST team.
The ability to create an email notification has gone in 12.3 but the creation of a Mail Server to facilitate email notification is Yast works perfectly well.
For sending a mail, you need input ;-) - and that's what was broken since quite some time and therefore removed. (And yes, this part was also removed upstream because nobody had time to maintain it.) If you want mail notifications, setup a daily cronjob like aa-notify -s 1 -v | mail -s "AppArmor report" root
I'm not sure what taught at Uni now but for an application to have its functionality removed rather than corrected or fixed was known as not the way to develop software. If an aspect or API in this case doesn't work we just dont get rid of it or are there other reasons I'm not aware of please.
Is AppArmor no longer a Major System Benefit the on the Side of our Boxes of software?
I'm not too interested in buzzword bingo ("Major System Benefit"), but let me assure you that I'm very interested in maintaining AppArmor on openSUSE. (I'm using it myself ;-) However, I can't speak for the YaST team - that's why I reassign this bug to them. @YaST team: if you want to do bigger changes, please base them on the new python utils from AppArmor 2.9 (beta1 packaged in home:cboltz, but there were quite some upstream fixes since then). I'll happily help on the AppArmor side (including changes in the python code if needed), but I'm not familiar with YaST coding. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=893270
https://bugzilla.novell.com/show_bug.cgi?id=893270#c2
Scott Couston
https://bugzilla.novell.com/show_bug.cgi?id=893270
https://bugzilla.novell.com/show_bug.cgi?id=893270#c3
--- Comment #3 from Scott Couston
https://bugzilla.novell.com/show_bug.cgi?id=893270
https://bugzilla.novell.com/show_bug.cgi?id=893270#c4
Steffen Winterfeldt
https://bugzilla.novell.com/show_bug.cgi?id=893270
https://bugzilla.novell.com/show_bug.cgi?id=893270#c5
--- Comment #5 from Scott Couston
https://bugzilla.novell.com/show_bug.cgi?id=893270
https://bugzilla.novell.com/show_bug.cgi?id=893270#c6
--- Comment #6 from Scott Couston
The apparmor module doesn't have a maintainer. Volunteers welcome.
Steffen Since 12.1 functionality has been removed from Yast Apparmor for every release there after. In 12.1 the correction was made that enabled the online sharing of others profiles they created. In 12.2 this online sharing was removed and email notification was removed. In 12.3 the ability to create a new profile via a 'lerning mode' was removed and replaced to what is currently shown in Apparmor 12.3 to 'scan for applications running' and thus the user created a learn profile however this has never worked in 12.3. Now in 13.1 this ability to create a learned profile has been removed and my guess is that its come from Novell.com Enterprise which may have flowed backward...anyway that's a theory. So as the API is changing functionally that person must exist. I'll look up help to find all the AA command line functions but the selection of 'documentation' from a default KDE install is not selected by default. Local help in general has no info in it as the package group that installed, their help and man pages went with 12.x and the ability for the user to recreate indexes as more packages are installed with their help files, no longer available. The help module in general is useless in two ways now...It contains very little content and no ability to search as indexes can be generated after you install a package or install man pages. Help without indexes is useless. I logged that bug back in 12.x as the theory of using net based help is not a good one its more data and processing load, less functionality specific to the installation IF the user has a workable Internet connection in the first instance. I noticed the new emphasis on quality assurance the the opensuse page and finally I hope you'll be given a paid problem manager. Without a dedicated Problem Manager, PMS systems are pretty useless and in 16 years of moving from site to site in Europe, the UK and the USA; I have never once seen a PMS system with no full time problem manager as its fundamental purpose become a mute point. Having so many bugs out must be disheartening given the resources you have available but someone has control of Apparmor to retract things with every release. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com