[pkg-apparmor] Feedback on "Updating a profile in Debian’s apparmor-profiles-extra package"
u
u at 451f.org
Fri Jan 30 13:30:18 UTC 2015
Hi,
Christian Boltz:
> Am Donnerstag, 29. Januar 2015 schrieb u:
>> As for the second question asked, maybe one of you could answer this:
>> "do you have plans on working on violation detection tool, like SUSE
>> had with YaST2, and Fedora had with setroubleshootd?".
>
> Well, unfortunately the YaST2 AppArmor module is unmaintained (it's
> still based on the old perl code) and the YaST team already dropped some
> parts that didn't work anymore. It seems the only sane/possible fix
> would be to rewrite it from scratch, and that hits the usual ENOTIME
> problem :-/
ok.
> That said - the AppArmor commandline tools are actively maintained and
> are what I'd recommend to use:
> - aa-genprof to create a new profile
> - aa-logprof to update an existing profile
> - aa-notify for things like a daily log summary or realtime desktop
> notifications of profile violations (= audit.log entries)
> - and various other aa-* tools
>
> BTW: IIRC you don't mention those tools in the Debian wiki yet, but you
> should ;-)
>
> Feel free to link to my blog where I have some "AppArmor crash course"
> slides:
> http://blog.cboltz.de/archives/65-openSUSE-conference.html
Great, I'll have a look and I will definitely mention these tools.
Cheers!
u.
More information about the pkg-apparmor-team
mailing list