[apparmor] Let's enable AppArmor by default (why not?)
intrigeri
intrigeri at debian.org
Mon Mar 19 11:40:32 UTC 2018
Marvin Renich:
> * John Johansen <john.johansen at canonical.com> [171118 16:02]:
>> You can disable individual profiles without editing them and messing up the packaging by using aa-disable
> [some really good beginner stuff snipped]
> John, many thanks for these tidbits. Can they be put in a text file in
> /usr/share/doc/apparmor, with a NEWS.Debian entry pointing to it, so
> that when the package is pulled in, the user has some idea where to
> start? Since Thunderbird seems to be one of the problem packages,
> having it in a text file on the local system seems like a good idea.
> Actually, a short beginner's guide as a text file in
> /usr/share/doc/apparmor, which has more than just "how to disable a
> profile" would be extremely helpful. I don't have the apparmor
> knowledge to write it, though.
FYI the most useful bits were added to
https://wiki.debian.org/AppArmor/HowToUse
which is linked from /usr/share/doc/apparmor/README.Debian :)
It's only a start and there's lots of room for improvement,
but it's a start.
Cheers,
--
intrigeri
More information about the AppArmor
mailing list