[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [opensuse-security] Apparmor suggestion to include more profiles

Am 01.06.2016 um 02:16 schrieb Christian Boltz:
>> (...)
>> You´re right, SUSE never came with many really useful AA profiles.
>> On the other hand, in my mind you always need to change AA profiles to
>> meet your demands.
> Did you also need any changes in the profiles that are enabled by 
> default? If so, please tell me - in many (not all) cases I consider this 
> to be a bug in the profile ;-)

No, actually I never looked closer at the default profiles.... I´ve been
more keen on user space programms like Firefox, VLC etc. I guess on
desktop systems this may be the first doors an attacker would break into.

Where can you make suggestions for changes to default
profiles/abstractions? Here or bugzilla?

> I agree that it would be good to have a place where profiles can be 
> shared, but I'm not sure if the wiki is a good place. The problem I see 
> is that the wiki makes it too easy to do malicious modifications to a 
> profile.

Can a certain wiki site not be restricted to allow only certain people
to post stuff?
Doesn´t openSUSE have a website that is run "normally" without wiki? So
people could show and discuss their AA profiles here on the list and an
admin looks over them and puts them on a static non-wiki web site?

> There are plans to setup a cross-distribution repo for profiles 
> (I discussed this with some Debian people at last year's DebConf (...)

In the long run that would be best, so all Linux users can benefit, no
matter what distribution.


To unsubscribe, e-mail: opensuse-security+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-security+owner@xxxxxxxxxxxx