> I guess I was hallucinating working on the apparmor profile for > clamav-daemon and freshclam (also run as a daemon) today. >
Thats great, though Scott please don't make the mistake of taking a strawman approach. What I said was about AppArmor defaults. I dont see my current dev build of the desktop having any profiles loaded by default other than CUPS. If the considered opinion is to continue with AppArmor then clearly getting more profiles into it is the way to go. However, if you look back into this discussion thread I think John made a very sound set of points about the limitations of AppArmor / SELInux etcetc type approaches for a desktop system and weaknesses of X security. He makes what seems to be a very sound suggestion about Plash and hooking into GTK, thus overcoming the problem of needing to in advance make determinations about what a desktop user might do and the X security problems. Regards Nullack -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
