_Please_ do not blindly set the profile to complain mode at startup. That would make the aa-logprof/aa-genprof family of tools useless when running potentially untrusted code.
On my own computers, the only way I ever run anything that did not originate in the Ubuntu or Debian archives is by creating a small profile for the application in enforce mode and iteratively running it over and over again, adding the privileges I want to allow.
_Please_ do not blindly set the profile to complain mode at startup. That would make the aa-logprof/ aa-genprof family of tools useless when running potentially untrusted code.
On my own computers, the only way I ever run anything that did not originate in the Ubuntu or Debian archives is by creating a small profile for the application in enforce mode and iteratively running it over and over again, adding the privileges I want to allow.
Thanks