On Sun, 05 Sep 2021 11:07:59 +0000 g4sra via Dng <dng@lists.dyne.org> wrote:
> On Sunday, September 5th, 2021 at 11:54 AM, tito via Dng <dng@lists.dyne.org> wrote:
> > On Sun, 05 Sep 2021 10:18:15 +0000
> > g4sra via Dng dng@lists.dyne.org wrote:
> > > On Sunday, September 5th, 2021 at 11:15 AM, tito farmat...@tiscali.it wrote:
> > > > On Sun, 05 Sep 2021 08:54:14 +0000
> > > > g4sra via Dng dng@lists.dyne.org wrote:
> > > > > <--snip-->
> > > > > > Comments and better ideas are welcome.
> > > > >
> > > > > Apparmor
> > > >
> > > > Hi,
> > > > the cure is worse than the disease ;-)
> > >
> > > How is Apparmor abusive ?
> >
> > Hi,
> >
> > I'm not very fond of apparmor for various reasons:
> > 1. I experienced unexpected behavior of programs
> >    silently failing to do something (log, run, etc
> >    because the apparmor profile was wrong/bugged
> > 2. unless you study every code path in the program you want to
> >    supervise the profiles used will not be safe but nobody really cares
> >    (e.g. maintainer adds a profile that works with the default setup
> >    of the distro (....if it really works))
> > 3. if you use a customized setup of services or other programs
> >    it is highly probable that the profiles will not work for you
> >
> > Summary:
> >
> > apparmor gets in the way of doing stuff and
> > in the end adds just one more software layer
> > with a million code lines and the inevitable
> > programming errors, so in my humble opinion
> > it just adds complexity (bad!) with no guarantee of improving
> > security (not so good!) and makes linux more
> > windows-like (worse!!).
> >
> > Addendum:
> >
> > Quis custodiet ipsos custodes?
> >
> > What will be the next evolutionary step, will we need
> > a new layer that secures apparmor?
> >
> > My Solution:
> >
> > To avoid all of this trouble and reduce complexity I pin -1
> > apparmor in apt preferences, purge it and everything related
> > and disable it on the kernel command line with apparmor=0
> > and everything is smooth, understandable and reliable again
> > as it has been "in saecula saeculorum".
> >
> > Ciao,
> >
> > Tito
>
> So to summarise...
> The answer to my question 'What is abusive about Apparmor ?' is "nothing".

The concept is abusive:
1) it is not KISS
2) it does not fix the underlying issues if there are any
3) who watches the watchdog?

Ciao,
Tito

> You don't like it because you find it overly complicated to configure.
> Better throw overly complicated to configure KDE4 out (and Xorg, and ALSA,
> and...) with the bathwater as well then, and then KUserFeedback becomes a
> non-issue.

I find them easier to configure than apparmor despite the fact they want to start to spy on me.