[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [opensuse-security] Apparmor suggestion to include more profiles

On 05/31/2016 08:53 PM, Lew Wolfgang wrote:
> But the included profiles for dovecot didn't work.  I was pressed
> for time so I quickly hacked two of the profiles to get the server
> working.  I'm sure I didn't do it right, and may have messed up the
> security posture, but at least the mail is flowing!

When I was first faced with this I used a utility that scanned the logs
and built a proposed settings file based on the global violation errors.
It worked great, and was easy to add destination restrictions.

That being said, I'm now using Christian's package, more because it
represents the "openSuse" norm than anything else.

Its quite ineligible and easy to understand and modify/customise.
Christian points out the areas for this and what might be done in the
inline comments.

Kudos to Christian for good work here.

"To ask the right question is already half the solution of a problem".
   -- Carl Jung.
To unsubscribe, e-mail: opensuse-security+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-security+owner@xxxxxxxxxxxx