aa-status should print list of disabled profiles

Bug #1786332 reported by Vincas Dargis
This bug affects 1 person
Affects: AppArmor
Status: New
Importance: Undecided
Assigned to: Unassigned

Bug Description

It would be useful to inform the user about currently disabled profiles.

Since (obviously) not every profile is suitable to be enabled by default, and profiles in complain mode should be (IMHO) avoided, shipping them disabled seems a reasonable choice. However, the user is not informed in any (explicit) way that an application he has installed could be hardened by AppArmor by enabling that disabled-by-default profile; that task could be done at least by aa-status.

Package managers could have hooks to suggest to enable them upon installation, but that's another (and distribution-specific) topic.

I understand that disabled profiles should not be parsed (they might be disabled by the user due to parsing issues), so probably only the list of profile *file names* will be available, not the pretty profile name, but that would still be useful, as you enable them by `aa-enforce profile.file.name`.

Tags: aa-tools
Christian Boltz (cboltz)
tags: added: aa-tools
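
One way to produce the list the report asks for, as an added example that is not part of the original report or of AppArmor's own tools. It assumes disabled profiles are marked by entries (normally symlinks) under `/etc/apparmor.d/disable/`; the function name `list_disabled_profiles` is hypothetical. Profile contents are never read, so only file names are reported.

```shell
#!/bin/sh
# Added example: list disabled AppArmor profiles by file name only.
# Assumption: a profile is disabled when an entry with its file name
# exists in <profile dir>/disable/ (normally a symlink to the profile).

# list_disabled_profiles [PROFILE_DIR]
# Prints one line per disabled profile: "<file name><TAB><state>".
# state is "present" when PROFILE_DIR/<file name> exists, and "missing"
# when the disable entry has no matching profile file (stale entry).
list_disabled_profiles() {
    profile_dir=${1:-/etc/apparmor.d}
    disable_dir=$profile_dir/disable

    # No disable directory means nothing is disabled.
    [ -d "$disable_dir" ] || return 0

    for entry in "$disable_dir"/*; do
        # An unmatched glob stays literal; -L also catches dangling symlinks.
        [ -e "$entry" ] || [ -L "$entry" ] || continue
        name=${entry##*/}
        # Only test for existence: the profile itself is not parsed,
        # since it may have been disabled because it fails to parse.
        if [ -f "$profile_dir/$name" ]; then
            state=present
        else
            state=missing
        fi
        printf '%s\t%s\n' "$name" "$state"
    done
}

# With no argument this inspects /etc/apparmor.d (read-only).
list_disabled_profiles "$@"
```

Each name printed with state `present` is a file name that can be passed to `aa-enforce` as described in the report.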