Re: recommends for apparmor in newest linux-image-4.13
- Date: Wed, 6 Dec 2017 18:16:00 +0200
- From: Vincas Dargis <vindrg@xxxxxxxxx>
- Subject: Re: recommends for apparmor in newest linux-image-4.13
On 2017-12-06 12:24, Laurent Bigonville wrote:
I feel that having Apparmor running and not doing anything will give people a false sense of security, on my test
machine almost nothing was confined
Yeah, we really need much more working profiles ready to be shipped... Thoguh I believe our AppArmor maintainer stated
opinion that we should fix what's already available, instead of rushing to write bunch of new profiles (please correct
me if I mistaken, intrigeri :-) ).
As a hint, try running "sudo aa-enforce /etc/apparmor.d/*", it might enable some disabled-by-defaut profiles, as
Thunderbird and Libreoffice ones.
TBH I'm a bit disappointed with upstream state of Apparmor (no D-Bus mediation,...) and other missing features that are
still ubuntu only.
Yes I miss features too (not only mediation...). Though Signal and Mount mediation is available in 4.14 (not enabled in
Debian AppArmor configuration _yet_, until it's tested enough), Network might come in 4.16.