On Thu, 2017-08-03 at 17:20 -0400, intrigeri wrote:
> Hi Debian AppArmor team, upstream AppArmor people, people who
> volunteered to review this text, a few maintainers of packages that
> include AppArmor policy, and some innocent bystanders!
>
> Please review the attached proposal. I will send it to debian-devel@
> tomorrow around 6pm (Montréal time) after taking your feedback
> into account.
>
> If you're at DebCamp, I guess that the process will be nicer both for
> you and me if you grab me in person whenever you want to read the
> draft and comment live.
>
> Thanks in advance :)

I read the entire draft. It reads well and covers a lot.

I did want to mention that it may be worth pointing out that because of AppArmor upstream's efforts to push up the entire Ubuntu delta to the upstream kernel, Buster's kernel will hopefully/likely have everything and no out-of-tree patches. Many, many patches have already gone up and been accepted, with more already submitted/under review with a final batch being prepared.

I might also mention that while the major LSM stacking work has been slow, it has picked up recently and there is a lot of interest to have, say, AppArmor and SELinux stackable or AppArmor and SMACK stackable. We aren't there yet of course, but since you mentioned stacking, I thought I'd point this out.

As someone who has dealt with a lot of AppArmor policy in Ubuntu, I can say that you are right on many counts: having it enabled by default will reveal issues sooner than later and people tend to not turn off AppArmor. The AppArmor project (and I'll speak for Ubuntu too) are very concerned about usability and not breaking people so you can be sure we'll continue to want to collaborate on policy (you might also recall AppArmor has the apparmor.d/local concept for site-local changes).

Finally, I'll point out that for the Debian packages that carry AppArmor profiles, these are the profiles in use in Ubuntu and have been in use by millions of Ubuntu installs, so they are relatively proven in that regard (not claiming there won't be any bugs of course :).

Thanks for taking this on!

--
Jamie Strandboge | http://www.canonical.com
-- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
