[pkg-apparmor] Bug#995367: Re-enable apparmor on Debian Live?
intrigeri
intrigeri at debian.org
Mon Feb 14 07:57:57 GMT 2022
Control: tag -1 + moreinfo
Hi,
Trent W. Buck (2021-09-30):
> The original bug report complained about LibreOffice and Evince.
> I tested those specifically.
>
> LibreOffice is in "complain" mode.
> It's rules fail, but there is no user-visible impact.
>
> Evince is in "enforce" mode.
> I couldn't generate an error by just opening PDFs, saving them, and printing them (to files).
Interesting!
I was not surprised that msmtp works because its profile has
attach_disconnected, but the Evince and LibreOffice don't have that
kludge so I'm surprised they work.
> Is this a sufficient test?
It's definitely a sufficient test to give some hope!
Could you please test this with some LUKS-encrypted persistence mounts,
e.g. make ~/.gnupg persistent and check that AppArmor correctly
forbids access to the persistent files in there, both when accessed
via ~/.gnupg and via the mountpoint of the persistent filesystem?
Cheers!
More information about the pkg-apparmor-team
mailing list