aa-status should print list of disabled profiles
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
AppArmor |
New
|
Undecided
|
Unassigned |
Bug Description
It would be useful to inform user about currently disabled profiles.
Since (obviously) not every profile is suitable to be enabled by default, and profiles in complain mode should be (IMHO) avoided, shipping them disabled seems reasonable choice. Though user is not informed in any (explicit) way that application he has installed could be hardened by AppArmor, by enabling that disabled-by-default profile, and that task could be done at least by aa-status.
Package managers could have hooks to suggest to enable them upon installation, but that's another (and distribution-
I understand that disabled profiles should not be parsed (they might be disabled for by the user due to parsing issues), so probably only the list of profile *file names* will be available, not the pretty profile name, but that's still be useful, as you enable them by `aa-enforce profile.file.name`.
tags: | added: aa-tools |
Looks like it's duplicate of https:/ /bugs.launchpad .net/apparmor/ +bug/1430513