> On Sunday, September 5th, 2021 at 11:54 AM, tito via Dng <dng@???> wrote:
> > On Sun, 05 Sep 2021 10:18:15 +0000
> > g4sra via Dng dng@??? wrote:
> > > On Sunday, September 5th, 2021 at 11:15 AM, tito farmatito@??? wrote:
> > > > On Sun, 05 Sep 2021 08:54:14 +0000
> > > > g4sra via Dng dng@??? wrote:
> > > > > <--snip-->
> > > > > >     Comments and better ideas are welcome. 

> >     silently failing to do something (log, run, etc    

> >     because the apparmor profile was wrong/bugged
> > 2.  unless you study every code path in the program you want to   

> >     supervise the profiles used will not be safe but nobody really cares    

> >     (e.g. maintainer adds a profile that works with the default setup    

> >     of the distro (....if it really works))
> > 3.  if you use a customized setup of services or other programs     

> >     it is highly probable that the profiles will not work for you

> >     Summary:

> >     apparmor gets in the way of doing stuff and    

> >     in the end adds just one more software layer   

> >     with a million code lines and the inevitable     

> >     programming errors, so in my humble opinion     

> >     it just adds complexity (bad!) with no guarantee of improving     

> >     security (not so good!) and makes linux more    

> >     windows-like (worse!!).

> >     Addendum:

> >     Quis custodiet ipsos custodes?

> >     What will be the next evolutionary step, will we need    

> >     a new layer that secures apparmor?

> >     My Solution:

> >     To avoid all of this trouble and reduce complexity I pin -1     

> >     apparmor in apt preferences, purge it and everything related    

> >     and disable it on the kernel command line with apparmor=0    

> >     and everything is smooth, understandable and reliable again    

> >     as it has been "in saecula saeculorum".

> >     Ciao,

> >     Tito