On 07-03-2021 19:39, al3xu5 wrote:
> Sun, 7 Mar 2021 19:11:18 +0100 - "dng@???" <dng@???>:
>
>> On 07-03-2021 18:20, tito via Dng wrote:
> [...] I personally would scrap:
> [..]
>>> apparmor
> [...]
>>> Tito
>> Mostly agree with you and in its current state apparmor belongs to this
>> list. In the same time I like the idea of apparmor in limiting apps
>> behavior. It could be most useful if implemented correctly.
>> Nick
>
> Hi
>
> I have:
>
> ~~~
> $ sudo service apparmor status
>
> apparmor module is loaded.
> 17 profiles are loaded.
> 17 profiles are in enforce mode.
> /usr/bin/man
> /usr/lib/cups/backend/cups-pdf
> /usr/lib/x86_64-linux-gnu/lightdm/lightdm-guest-session
> /usr/lib/x86_64-linux-gnu/lightdm/lightdm-guest-session//chromium
> /usr/sbin/cups-browsed
> /usr/sbin/cupsd
> /usr/sbin/cupsd//third_party
> /usr/sbin/libvirtd
> /usr/sbin/libvirtd//qemu_bridge_helper
> /usr/sbin/ntpd
> /usr/sbin/tcpdump
> man_filter
> man_groff
> nvidia_modprobe
> nvidia_modprobe//kmod
> system_tor
> virt-aa-helper
> 0 profiles are in complain mode.
> 6 processes have profiles defined.
> 6 processes are in enforce mode.
> /usr/sbin/cups-browsed (2446)
> /usr/sbin/cupsd (12205)
> /usr/lib/cups/notifier/dbus (12208) /usr/sbin/cupsd
> /usr/sbin/libvirtd (3278)
> /usr/sbin/ntpd (3030)
> /usr/bin/tor (3200) system_tor
> 0 processes are in complain mode.
> 0 processes are unconfined but have a profile defined.
> ~~~
>
> I have done nothing (I can remember) about apparmor configuration and
> profiles...
>
> Maybe it was installed by default or maybe I had installed it ages ago and
> it has remained over time, a dist-upgrade after the other.
>
> So, I would like your advice: is there any sense that I keep it on the
> system? Or can I do without quietly?
>
> Thanks in advance.
>
> Regards
> al3xu5
In its current state (with little updated profiles working with enforce)
it does not add much to your daily use imo. According to
https://wiki.debian.org/AppArmor/HowToUse#Disable_AppArmor it is enabled
by default in Debian 10. And you can disable it with a kernel parameter
in grub.
Grtz.
Nick
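
As an added example (not part of the original thread or of AppArmor itself), this sketch parses status output of the shape quoted above and reports which loaded profiles currently confine a running process and which are idle. The sample text is a constructed, shortened excerpt of that output, and the function names are hypothetical.

```python
import re

# Constructed sample: shortened excerpt of the status output quoted in the thread.
SAMPLE = """\
apparmor module is loaded.
5 profiles are loaded.
5 profiles are in enforce mode.
   /usr/bin/man
   /usr/sbin/cupsd
   /usr/sbin/cupsd//third_party
   /usr/sbin/tcpdump
   system_tor
0 profiles are in complain mode.
3 processes have profiles defined.
3 processes are in enforce mode.
   /usr/sbin/cupsd (12205)
   /usr/lib/cups/notifier/dbus (12208) /usr/sbin/cupsd
   /usr/bin/tor (3200) system_tor
0 processes are in complain mode.
0 processes are unconfined but have a profile defined.
"""

# Section headers look like "<count> profiles|processes are [in] <word> ..."
HEADER = re.compile(r"^\d+ (profiles|processes) (?:are|have) (?:in )?(\w+)")
# Process entries: "<executable> (<pid>)" with an optional trailing profile name
PROCESS = re.compile(r"^(\S+) \((\d+)\)(?: (\S+))?$")

def parse_status(text):
    """Return ({profile: mode}, [(pid, executable, profile, mode), ...])."""
    profiles, processes = {}, []
    kind = mode = None
    for line in (raw.strip() for raw in text.splitlines()):
        header = HEADER.match(line)
        if header:
            kind, mode = header.groups()
        elif kind == "profiles" and line:
            profiles[line] = mode
        elif kind == "processes" and (proc := PROCESS.match(line)):
            exe, pid, prof = proc.groups()
            # When no profile name is printed, it equals the executable path
            processes.append((int(pid), exe, prof or exe, mode))
    return profiles, processes

def idle_profiles(profiles, processes):
    """Loaded profiles that no running process is attached to right now."""
    return sorted(set(profiles) - {prof for _, _, prof, _ in processes})

if __name__ == "__main__":
    loaded, running = parse_status(SAMPLE)
    for pid, exe, prof, mode in running:
        print(f"{pid:>6} {exe} -> {prof} [{mode}]")
    print("idle:", ", ".join(idle_profiles(loaded, running)))
```

An idle profile is still applied when its program is next executed, so short-lived tools such as man or tcpdump appear idle between runs.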