https://bugzilla.novell.com/show_bug.cgi?id=198361 ------- Comment #4 from alpha096@tpg.com.au 2007-01-27 02:28 MST ------- No apology necessary Seth, and thanks for the new bookmark I have in directory structure ;-) By now I have had more time and developed more understanding of the problems you quite rightly allude to in providing default profiles. Another problem which I later though of was the ongoing maintenance of each release default profiles. I think it would consume 1 man/release period of time to retain both backwards and forwards computability in an update installation. If every new installation was a totally new one you may have some scope in contemplating some default profile a little further. The new learning mode is good, however I ran into a problem of leaving an application open and AppArmor learning for too long. I started to profile firefox and let AppArmor learn for about a week - well you can imagine the result. I forgot the system turns into a pumpkin at midnight (log rotate) and I was left nothing like a handsome prince at the end of the week in my new profile. Seriously though, I don't really think you can ever make AppArmor much more friendlier. Like a simple firewall application (non-spi) you really do need an understanding of TCP/UDP/ICMP. I spend most of my life supporting clients with Hardware IDS/IDP systems where there is no default "allow everything" rule and the client has to create every permission for their companies needs. Fortunately I get their IDS system logs via VPN and I can sought them out. I will have another chat to you later re AppArmor in Beta testing 10.3. Because I use Evolution and a KDE desktop I cannot use 10.2 and I was very disappointed in the update routine in 10.2 - Just a little disenchanted until next release. Cheers Scott -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.