[apparmor] Let's enable AppArmor by default (why not?)
John Johansen
john.johansen at canonical.com
Sun Nov 19 03:23:42 UTC 2017
On 11/18/2017 01:59 PM, Marvin Renich wrote:
> * John Johansen <john.johansen at canonical.com> [171118 16:02]:
>> You can disable individual profiles without editing them and messing up the packaging by using aa-disable
> [some really good beginner stuff snipped]
>
> John, many thanks for these tidbits. Can they be put in a text file in
> /usr/share/doc/apparmor, with a NEWS.Debian entry pointing to it, so
> that when the package is pulled in, the user has some idea where to
> start? Since Thunderbird seems to be one of the problem packages,
> having it in a text file on the local system seems like a good idea.
>
yes we can certainly create the text file, its a good idea. I'll leave it
up to the debian maintainer to decide on the NEWS.Debian entry but it
certainly sound like a good idea to me as well.
> Actually, a short beginner's guide as a text file in
> /usr/share/doc/apparmor, which has more than just "how to disable a
> profile" would be extremely helpful. I don't have the apparmor
> knowledge to write it, though.
>
yeah, I will start working on the doc. Make sure it has links to
more comprehensive info (the wiki, ml, some man pages, etc.)
More information about the AppArmor
mailing list