On Sunday, September 5th, 2021 at 11:54 AM, tito via Dng <dng@???> wrote:
> On Sun, 05 Sep 2021 10:18:15 +0000
> g4sra via Dng dng@??? wrote:
> > On Sunday, September 5th, 2021 at 11:15 AM, tito farmatito@??? wrote:
> > > On Sun, 05 Sep 2021 08:54:14 +0000
> > > g4sra via Dng dng@??? wrote:
> > > > <--snip-->
> > > > > Comments and better ideas are welcome.
> > > > Apparmor
> > > > Hi,
> > > > the cure is worse than the disease ;-)
> > > > How is Apparmor abusive ?
> Hi,
>
> I'm not very fond of apparmor for various reasons:
> 1. I experienced unexpected behavior of programs
> silently failing to do something (log, run, etc
> because the apparmor profile was wrong/bugged
> 2. unless you study every code path in the program you want to
> supervise the profiles used will not be safe but nobody really cares
> (e.g. maintainer adds a profile that works with the default setup
> of the distro (....if it really works))
> 3. if you use a customized setup of services or other programs
> it is highly probable that the profiles will not work for you
>
> Summary:
>
> apparmor gets in the way of doing stuff and
> in the end adds just one more software layer
> with a million code lines and the inevitable
> programming errors, so in my humble opinion
> it just adds complexity (bad!) with no guarantee of improving
> security (not so good!) and makes linux more
> windows-like (worse!!).
>
> Addendum:
>
> Quis custodiet ipsos custodes?
>
> What will be the next evolutionary step, will we need
> a new layer that secures apparmor?
>
> My Solution:
>
> To avoid all of this trouble and reduce complexity I pin -1
> apparmor in apt preferences, purge it and everything related
> and disable it on the kernel command line with apparmor=0
> and everything is smooth, understandable and reliable again
> as it has been "in saecula saeculorum".
>
> Ciao,
>
> Tito
>
So to summarise...
The answer to my question 'What is abusive about Apparmor ?' is "nothing".
You don't like it because you find it overly complicated to configure.
Better throw overly complicated to configure KDE4 out (and Xorg, and ALSA, and...) with the bathwater as well then, and then KUserFeedback becomes a non-issue.