Hello, Am Donnerstag, 28. November 2013 schrieb L.A. Walsh:
It's never been on by default before.
I'm sorry to disappoint you, but you are wrong ;-) Yes, there were one or two releases without AppArmor installed by default, but before that it has been installed and enabled by default since Novell bought Immunix in 2005. To get back on the more productive part - I'm aware of the problem and already working on updating the profiles. You can download the latest dovecot profiles from https://bugzilla.novell.com/show_bug.cgi?id=851984 (comment 8 includes a tarball) - feedback on them is more than welcome.
you are saying That the existing security mechanism = no security and that linux has never had any security until apparmor arrived. Um...I don't think your statement makes sense.
Unfortunately "secure" is not black and white - even if you think your system is secure, I'm quite sure it has some yet unknown bugs that could be exploited. Therefore it's always a good idea to have additional security added.
Generally, you don't let other people log onto your computer. If they have gotten that far, that's bad. AppArmor, is more for internal threats initiated from the computer on parts of itself.
As you might have noticed, most existing AppArmor profiles are for daemons (syslog, dovecot, samba etc.). Most of them need to have open network ports, so it's a bit more than "don't let other people log onto your computer". Today's attackers often come in over the internet. I fully agree that you can make a mail server much more secure by removing the network cable (and disabling wireless) - but such a mail server wouldn't be too useful ;-) Regards, Christian Boltz PS: For additional security, remove all cables from the server, dig a deep hole in your garden, put it into the hole and fill up the hole with concrete ;-) -- Ich bin beeindruckt! Windows startet nicht mehr -> Problem gelöst. Ich wünschte, ich könnte meine Probleme auch so befriedigend lösen. [Sandy Drobic in suse-linux] -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org