Comment 4 for bug 1788929

Revision history for this message
Jann Horn (corp account) (jannh) wrote : Re: Debian/Ubuntu AppArmor policy for evince is useless

I wonder whether it would make sense for you to amend https://wiki.ubuntu.com/Security/Features#AppArmor and add a little bit of information on what the various policies are supposed to achieve - in particular, replace the "yes" entries with something like "best-effort"/"strong" to signal whether the policy is supposed to provide meaningful confinement against a determined attacker.
Without that information, I believe that that table isn't very helpful to someone who is trying to reason about the security posture of a Ubuntu installation.