Bug#830502: apparmor-profiles: Reconsider what profiles are shipped in /etc/apparmor.d/ and in which mode

Hi, Seth Arnold: > On Thu, Aug 10, 2017 at 05:50:41PM -0400, intrigeri wrote: >> Context: this is about the apparmor-profiles package, that has no >> reverse-dependency, so this whole thing is not such a big deal (users >> [...] >> 2. Install *all* the profiles shipped by this package to >>

Bug#830502: apparmor-profiles: Reconsider what profiles are shipped in /etc/apparmor.d/ and in which mode

LGTM. -- If quantum mechanics hasn't profoundly shocked you, you haven't understood it yet. - Niels Bohr

Bug#830502: [pkg-apparmor] Bug#830502: apparmor-profiles: Reconsider what profiles are shipped in /etc/apparmor.d/ and in which mode

On Thu, 2017-08-10 at 17:50 -0400, intrigeri wrote: > > And the long-term goal is that eventually, some of these shared > profiles might become good enough to be shipped in the apparmor > package and enforced by default (and others should simply dropped from > Debian-based distros if nobody cares

Bug#830502: [pkg-apparmor] Bug#830502: apparmor-profiles: Reconsider what profiles are shipped in /etc/apparmor.d/ and in which mode

On Thu, Aug 10, 2017 at 05:50:41PM -0400, intrigeri wrote: > Context: this is about the apparmor-profiles package, that has no > reverse-dependency, so this whole thing is not such a big deal (users > [...] > 2. Install *all* the profiles shipped by this package to >/etc/apparmor.d/, set it in

Bug#830502: apparmor-profiles: Reconsider what profiles are shipped in /etc/apparmor.d/ and in which mode

Hi, I've re-read the bug log and taken a step back. Here's some context and a proposal. Please provide input/opinions; especially Ubuntu people are welcome to comment: I want to do something that works for them as well (saying "we don't care much about this package, do whatever you want and we'll

Bug#830502: apparmor-profiles: Reconsider what profiles are shipped in /etc/apparmor.d/ and in which mode

intrigeri: > Drawbacks of shipping not-quite-ready-yet profiles (in complain mode) > in /etc/apparmor.d/: Here's another one, that might be a deal breaker: * 'deny' rules are enforced even in complain mode, so *all* AppArmor users are affected by any bug in such rules

Bug#830502: apparmor-profiles: Reconsider what profiles are shipped in /etc/apparmor.d/ and in which mode

On 2017-07-04 09:52:55, intrigeri wrote: > Hi, > > intrig...@debian.org: >> The apparmor-profiles package ships a number of profiles in >> /etc/apparmor.d/, "in complain mode so that users can test and choose >> which are desired". This includes policy for dovecot, dnsmasq, >> avahi-daemon, ping.

Bug#830502: apparmor-profiles: Reconsider what profiles are shipped in /etc/apparmor.d/ and in which mode

Hi, intrig...@debian.org: > The apparmor-profiles package ships a number of profiles in > /etc/apparmor.d/, "in complain mode so that users can test and choose > which are desired". This includes policy for dovecot, dnsmasq, > avahi-daemon, ping. > This is confusing to some of us, and to users

Bug#830502: apparmor-profiles: Reconsider what profiles are shipped in /etc/apparmor.d/ and in which mode

Package: apparmor-profiles Version: 2.10.95-4 Severity: normal The apparmor-profiles package ships a number of profiles in /etc/apparmor.d/, "in complain mode so that users can test and choose which are desired". This includes policy for dovecot, dnsmasq, avahi-daemon, ping. This is confusing to