© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
1b1ed1a
(Get the code!)
Hi Jaimes,
CIS Level1 Server/Workstation requires users to run all apparmor profiles in "complain" or "enforced" mode, while CIS Level2 Server/Workstation requires users to run all apparmor profiles in "enforced" mode.
By default on USG we set all apparmor profiles to "complain" in CIS Level1 Server/Workstation .
Can this cause problems? Yes, but unfortunately there's no way of knowing which mode (complain or enforce) will cause less or more issues as we wouldn't know what profiles people are using, and also because CIS Benchmark doesn't really cover snaps.
The good thing is that you are able to change that through tailoring files and adjusting the value of var_apparmor_mode to "enforce" and that should solve your case.
Therefore I'm closing this bug as "Won't Fix". Scratch that, I cannot set the bug to "Won't Fix", so I set it to "Invalid".