mirror of
https://github.com/roddhjav/apparmor.d.git
synced 2024-12-24 14:06:47 +01:00
docs: multiple english corrections.
Co-authored-by: Thomas LAURENT <thomas.laurent@ucdconnect.ie>
This commit is contained in:
parent
01419d82c4
commit
c0780edee1
11 changed files with 51 additions and 47 deletions
18
README.md
18
README.md
|
@ -7,28 +7,27 @@
|
||||||
**Full set of AppArmor profiles**
|
**Full set of AppArmor profiles**
|
||||||
|
|
||||||
> **Warning**: This project is still in its early development. Help is very
|
> **Warning**: This project is still in its early development. Help is very
|
||||||
> welcome see the [documentation website](https://apparmor.pujol.io/) including
|
> welcome; see the [documentation website](https://apparmor.pujol.io/) including
|
||||||
> its [development](https://apparmor.pujol.io/development) section.
|
> its [development](https://apparmor.pujol.io/development) section.
|
||||||
|
|
||||||
|
|
||||||
## Description
|
## Description
|
||||||
|
|
||||||
**AppArmor.d** is a set of over 1400 AppArmor profiles which aims is to confine
|
**AppArmor.d** is a set of over 1400 AppArmor profiles whose aim is to confine
|
||||||
most of Linux base applications and processes.
|
most Linux based applications and processes.
|
||||||
|
|
||||||
**Purpose**
|
**Purpose**
|
||||||
|
|
||||||
- Confine all root processes such as all `systemd` tools, `bluetooth`, `dbus`,
|
- Confine all root processes such as all `systemd` tools, `bluetooth`, `dbus`,
|
||||||
`polkit`, `NetworkManager`, `OpenVPN`, `GDM`, `rtkit`, `colord`.
|
`polkit`, `NetworkManager`, `OpenVPN`, `GDM`, `rtkit`, `colord`
|
||||||
- Confine all Desktop environments
|
- Confine all Desktop environments
|
||||||
- Confine all user services such as `Pipewire`, `Gvfsd`, `dbus`, `xdg`, `xwayland`
|
- Confine all user services such as `Pipewire`, `Gvfsd`, `dbus`, `xdg`, `xwayland`
|
||||||
- Confine some *"special"* user applications: web browser, file browser...
|
- Confine some *"special"* user applications: web browser, file browser...
|
||||||
- Should not break a normal usage of the confined software
|
- Should not break a normal usage of the confined software
|
||||||
- Fully tested (Work in progress)
|
|
||||||
|
|
||||||
**Goals**
|
**Goals**
|
||||||
|
|
||||||
- Target both desktop and server
|
- Target both desktops and servers
|
||||||
- Support all distributions that support AppArmor:
|
- Support all distributions that support AppArmor:
|
||||||
* Currently:
|
* Currently:
|
||||||
- Archlinux
|
- Archlinux
|
||||||
|
@ -37,6 +36,7 @@ most of Linux base applications and processes.
|
||||||
* Not (yet) tested on openSUSE
|
* Not (yet) tested on openSUSE
|
||||||
- Support all major desktop environments:
|
- Support all major desktop environments:
|
||||||
* Currently only Gnome
|
* Currently only Gnome
|
||||||
|
- Fully tested (Work in progress)
|
||||||
|
|
||||||
|
|
||||||
> This project is originaly based on the work from [Morfikov][upstream] and aims
|
> This project is originaly based on the work from [Morfikov][upstream] and aims
|
||||||
|
@ -52,15 +52,15 @@ possible to write an AppArmor profile for all of them. Therefore, a question ari
|
||||||
**What to confine and why?**
|
**What to confine and why?**
|
||||||
|
|
||||||
We take inspiration from the [Android/ChromeOS Security Model][android_model] and
|
We take inspiration from the [Android/ChromeOS Security Model][android_model] and
|
||||||
we apply it to the Linux world. Modern [Linux security distribution][clipos] usually
|
we apply it to the Linux world. Modern [Linux security distributions][clipos] usually
|
||||||
consider an immutable core base image with a carefully set of selected applications.
|
consider an immutable core base image with a carefully selected set of applications.
|
||||||
Everything else should be sandboxed. Therefore, this project tries to confine all
|
Everything else should be sandboxed. Therefore, this project tries to confine all
|
||||||
the *core* applications you will usually find in a Linux system: all systemd services,
|
the *core* applications you will usually find in a Linux system: all systemd services,
|
||||||
xwayland, network, bluetooth, your desktop environment... Non-core user applications
|
xwayland, network, bluetooth, your desktop environment... Non-core user applications
|
||||||
are out of scope as they should be sandboxed using a dedicated tool (minijail,
|
are out of scope as they should be sandboxed using a dedicated tool (minijail,
|
||||||
bubblewrap, toolbox...).
|
bubblewrap, toolbox...).
|
||||||
|
|
||||||
This is fundamentally different from how AppArmor is usually used on Linux server
|
This is fundamentally different from how AppArmor is usually used on Linux servers
|
||||||
as it is common to only confine the applications that face the internet and/or the users.
|
as it is common to only confine the applications that face the internet and/or the users.
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -12,15 +12,15 @@ possible to write an AppArmor profile for all of them. Therefore, a question ari
|
||||||
**What to confine and why?**
|
**What to confine and why?**
|
||||||
|
|
||||||
We take inspiration from the [Android/ChromeOS Security Model][android_model] and
|
We take inspiration from the [Android/ChromeOS Security Model][android_model] and
|
||||||
we apply it to the Linux world. Modern [Linux security distribution][clipos] usually
|
we apply it to the Linux world. Modern [Linux security distributions][clipos] usually
|
||||||
consider an immutable core base image with a carefully set of selected applications.
|
consider an immutable core base image with a carefully selected set of applications.
|
||||||
Everything else should be sandboxed. Therefore, this project tries to confine all
|
Everything else should be sandboxed. Therefore, this project tries to confine all
|
||||||
the *core* applications you will usually find in a Linux system: all systemd services,
|
the *core* applications you will usually find in a Linux system: all systemd services,
|
||||||
xwayland, network, bluetooth, your desktop environment... Non-core user applications
|
xwayland, network, bluetooth, your desktop environment... Non-core user applications
|
||||||
are out of scope as they should be sandboxed using a dedicated tool (minijail,
|
are out of scope as they should be sandboxed using a dedicated tool (minijail,
|
||||||
bubblewrap, toolbox...).
|
bubblewrap, toolbox...).
|
||||||
|
|
||||||
This is fundamentally different from how AppArmor is usually used on Linux server
|
This is fundamentally different from how AppArmor is usually used on Linux servers
|
||||||
as it is common to only confine the applications that face the internet and/or the users.
|
as it is common to only confine the applications that face the internet and/or the users.
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -21,7 +21,7 @@ echo 'Optimize=compress-fast' | sudo tee /etc/apparmor/parser.conf
|
||||||
## Personal directories
|
## Personal directories
|
||||||
|
|
||||||
This project is designed in such a way that it is easy to personalize the
|
This project is designed in such a way that it is easy to personalize the
|
||||||
directory your program can access by defining a few variables.
|
directories your programs have access by defining a few variables.
|
||||||
|
|
||||||
The profiles heavily use the (largely extended) XDG directory variables defined
|
The profiles heavily use the (largely extended) XDG directory variables defined
|
||||||
in the **[Variables Reference](/variables)** page.
|
in the **[Variables Reference](/variables)** page.
|
||||||
|
@ -48,7 +48,7 @@ in the **[Variables Reference](/variables)** page.
|
||||||
| Vm | `@{XDG_VM_DIR}` | `.vm`
|
| Vm | `@{XDG_VM_DIR}` | `.vm`
|
||||||
| Wallpapers | `@{XDG_WALLPAPERS_DIR}` | `@{XDG_PICTURES_DIR}/Wallpapers` |
|
| Wallpapers | `@{XDG_WALLPAPERS_DIR}` | `@{XDG_PICTURES_DIR}/Wallpapers` |
|
||||||
|
|
||||||
You can personalize these values with by creating a file such as:
|
You can personalize these values by creating a file such as:
|
||||||
`/etc/apparmor.d/tunables/xdg-user-dirs.d/local` where you define your own
|
`/etc/apparmor.d/tunables/xdg-user-dirs.d/local` where you define your own
|
||||||
personal directories. Example:
|
personal directories. Example:
|
||||||
```sh
|
```sh
|
||||||
|
@ -90,14 +90,17 @@ your rules in it.
|
||||||
|
|
||||||
- `child-open`, a profile that allows other program to open resources (URL,
|
- `child-open`, a profile that allows other program to open resources (URL,
|
||||||
picture, books...) with some predefined GUI application. To allow it to open
|
picture, books...) with some predefined GUI application. To allow it to open
|
||||||
URL with Firefox, create the file `/etc/apparmor.d/local/child-open` with:
|
URLs with Firefox, create the file `/etc/apparmor.d/local/child-open` with:
|
||||||
```sh
|
```sh
|
||||||
/{usr/,}bin/firefox rPx,
|
/{usr/,}bin/firefox rPx,
|
||||||
```
|
```
|
||||||
**NB:** This is an example, no need to add Firefox into `child-open`, it is already there.
|
|
||||||
|
|
||||||
!!! note
|
!!! note
|
||||||
|
|
||||||
|
This is an example, no need to add Firefox into `child-open`, it is already there.
|
||||||
|
|
||||||
|
!!! info
|
||||||
|
|
||||||
`rPx` allows transition to the Firefox profile. Use `rPUx` to allow
|
`rPx` allows transition to the Firefox profile. Use `rPUx` to allow
|
||||||
transition to an unconfined state if you do not have the profile for a
|
transition to an unconfined state if you do not have the profile for a
|
||||||
given program.
|
given program.
|
||||||
|
|
|
@ -25,13 +25,13 @@ use of more variables.
|
||||||
|
|
||||||
!!! note
|
!!! note
|
||||||
|
|
||||||
This profile guideline is still evolving, feel free to propose improvement
|
This profile guideline is still evolving, feel free to propose improvements
|
||||||
as long as it does not vary too much from the existing rules.
|
as long as they do not vary too much from the existing rules.
|
||||||
|
|
||||||
In order to ensure a common structure across the profiles, all new profile **must**
|
In order to ensure a common structure across the profiles, all new profile **must**
|
||||||
follow the guidelines presented here.
|
follow the guidelines presented here.
|
||||||
|
|
||||||
The rules in the profile should be sorted in rule ***block*** as follow:
|
The rules in the profile should be sorted in the rule ***block*** as follows:
|
||||||
|
|
||||||
- `include`
|
- `include`
|
||||||
- `set rlimit`
|
- `set rlimit`
|
||||||
|
@ -54,7 +54,7 @@ This rule order is taken from AppArmor with minor changes as we tend to:
|
||||||
- Divide the file block in multiple subcategories
|
- Divide the file block in multiple subcategories
|
||||||
- Put the block with the longer rules (`files`, `dbus`) after the other blocks
|
- Put the block with the longer rules (`files`, `dbus`) after the other blocks
|
||||||
|
|
||||||
### The file blocks
|
### The file block
|
||||||
|
|
||||||
The file block should be sorted as follow:
|
The file block should be sorted as follow:
|
||||||
|
|
||||||
|
@ -90,7 +90,7 @@ dbus send bus=session path=/org/freedesktop/DBus
|
||||||
```
|
```
|
||||||
If there is no predictable label it can be omitted.
|
If there is no predictable label it can be omitted.
|
||||||
|
|
||||||
### Profiles rules
|
### Profile rules
|
||||||
|
|
||||||
`bin, sbin & lib`
|
`bin, sbin & lib`
|
||||||
|
|
||||||
|
@ -103,7 +103,7 @@ If there is no predictable label it can be omitted.
|
||||||
|
|
||||||
`Sort`
|
`Sort`
|
||||||
|
|
||||||
: In a rule block, the rule shall be alphabetically sorted.
|
: In a rule block, the rules must be alphabetically sorted.
|
||||||
|
|
||||||
`Sub profile`
|
`Sub profile`
|
||||||
|
|
||||||
|
@ -111,7 +111,7 @@ If there is no predictable label it can be omitted.
|
||||||
|
|
||||||
`Similar purpose`
|
`Similar purpose`
|
||||||
|
|
||||||
: When some file access share similar purpose, they may be sorted together. Eg:
|
: When some rules share similar purpose, they may be sorted together. Eg:
|
||||||
```
|
```
|
||||||
/etc/machine-id r,
|
/etc/machine-id r,
|
||||||
/var/lib/dbus/machine-id r,
|
/var/lib/dbus/machine-id r,
|
||||||
|
|
|
@ -4,14 +4,14 @@ title: Development
|
||||||
|
|
||||||
# Development
|
# Development
|
||||||
|
|
||||||
You want to contribute to `apparmor.d`, **thank a lot for this.** Feedbacks,
|
You want to contribute to `apparmor.d`, **thanks a lot for this.** Feedbacks,
|
||||||
contributors, pull requests are all very welcome. You will find in this page all
|
contributors, pull requests are all very welcome. You will find in this page all
|
||||||
the useful information needed to contribute.
|
the useful information needed to contribute.
|
||||||
|
|
||||||
??? info "How to contribute"
|
??? info "How to contribute"
|
||||||
|
|
||||||
1. If you don't have git on your machine, [install it][git].
|
1. If you don't have git on your machine, [install it][git].
|
||||||
2. Fork this repo by clicking on the fork button on the top of this page.
|
2. Fork this repo by clicking on the fork button on the top of the [project Github][project] page.
|
||||||
3. Clone the repository and go to the directory:
|
3. Clone the repository and go to the directory:
|
||||||
```sh
|
```sh
|
||||||
git clone https://github.com/this-is-you/apparmor.d.git
|
git clone https://github.com/this-is-you/apparmor.d.git
|
||||||
|
@ -38,7 +38,7 @@ the useful information needed to contribute.
|
||||||
|
|
||||||
`Rule 1: Mandatory Access Control`
|
`Rule 1: Mandatory Access Control`
|
||||||
|
|
||||||
: As these are mandatory access control policies only what it explicitly required
|
: As these are mandatory access control policies only what is explicitly required
|
||||||
should be authorized. Meaning, you should **not** allow everything (or a large area)
|
should be authorized. Meaning, you should **not** allow everything (or a large area)
|
||||||
and blacklist some sub areas.
|
and blacklist some sub areas.
|
||||||
|
|
||||||
|
@ -93,6 +93,7 @@ profile foo @{exec_path} {
|
||||||
|
|
||||||
|
|
||||||
[git]: https://help.github.com/articles/set-up-git/
|
[git]: https://help.github.com/articles/set-up-git/
|
||||||
|
[project]: https://github.com/roddhjav/apparmor.d
|
||||||
|
|
||||||
[flags]: https://github.com/roddhjav/apparmor.d/blob/master/dists/flags/main.flags
|
[flags]: https://github.com/roddhjav/apparmor.d/blob/master/dists/flags/main.flags
|
||||||
[profiles-a-f]: https://github.com/roddhjav/apparmor.d/blob/master/apparmor.d/profiles-a-f
|
[profiles-a-f]: https://github.com/roddhjav/apparmor.d/blob/master/apparmor.d/profiles-a-f
|
||||||
|
|
|
@ -5,10 +5,10 @@ title: Structure
|
||||||
Description of common structure found across various AppArmor profiles
|
Description of common structure found across various AppArmor profiles
|
||||||
|
|
||||||
|
|
||||||
## Program to not confine
|
## Programs to not confine
|
||||||
|
|
||||||
Some programs should not be confined by themselves. For example, tools such as
|
Some programs should not be confined by themselves. For example, tools such as
|
||||||
`ls`, `rm`, `diff` or `cat` do not have profile in this project. Let's see why.
|
`ls`, `rm`, `diff` or `cat` do not have profiles in this project. Let's see why.
|
||||||
|
|
||||||
These are general tools that in a general context can legitimately access any
|
These are general tools that in a general context can legitimately access any
|
||||||
file in the system. Therefore, the confinement of such tools by a global
|
file in the system. Therefore, the confinement of such tools by a global
|
||||||
|
@ -45,7 +45,7 @@ our profile:
|
||||||
profile diff {
|
profile diff {
|
||||||
```
|
```
|
||||||
|
|
||||||
* In `pass`, as it is a dependency of pass. Here `diff` inherit pass profile
|
* In `pass`, as it is a dependency of pass. Here `diff` inherits pass' profile
|
||||||
and has the same access than the pass profile, so it will be allowed to diff
|
and has the same access than the pass profile, so it will be allowed to diff
|
||||||
password files because more than a generic `diff` it is a `diff` for the pass
|
password files because more than a generic `diff` it is a `diff` for the pass
|
||||||
password manager:
|
password manager:
|
||||||
|
@ -66,8 +66,8 @@ sandbox managed with [Toolbox]
|
||||||
|
|
||||||
!!! example "To sum up"
|
!!! example "To sum up"
|
||||||
|
|
||||||
1. Do not create profile for programs such as: `rm`, `ls`, `diff`, `cd`, `cat`
|
1. Do not a create profile for programs such as: `rm`, `ls`, `diff`, `cd`, `cat`
|
||||||
2. Do not create profile for the shell: `bash`, `sh`, `dash`, `zsh`
|
2. Do not a create profile for the shell: `bash`, `sh`, `dash`, `zsh`
|
||||||
3. Use [Toolbox].
|
3. Use [Toolbox].
|
||||||
|
|
||||||
[project-rules]: /development/#project-rules
|
[project-rules]: /development/#project-rules
|
||||||
|
@ -106,9 +106,9 @@ the following note:
|
||||||
|
|
||||||
Here is an overview of the current children profile:
|
Here is an overview of the current children profile:
|
||||||
|
|
||||||
1. **`child-open`**: To opens resources. Instead of allowing the run of all
|
1. **`child-open`**: To open resources. Instead of allowing the run of all
|
||||||
software in `/{usr/,}bin/`, the purpose of this profile is to list all GUI
|
software in `/{usr/,}bin/`, the purpose of this profile is to list all GUI
|
||||||
program that can open resources. Ultimately, only sandbox manager programs
|
programs that can open resources. Ultimately, only sandbox manager programs
|
||||||
such as `bwrap`, `snap`, `flatpak`, `firejail` should be present here. Until
|
such as `bwrap`, `snap`, `flatpak`, `firejail` should be present here. Until
|
||||||
this day, this profile will be a controlled mess.
|
this day, this profile will be a controlled mess.
|
||||||
|
|
||||||
|
@ -124,7 +124,7 @@ Here is an overview of the current children profile:
|
||||||
|
|
||||||
See the **[kernel docs][kernel]** to check the major block and char numbers used in `/run/udev/data/`.
|
See the **[kernel docs][kernel]** to check the major block and char numbers used in `/run/udev/data/`.
|
||||||
|
|
||||||
Special care must be given as some as sometime udev numbers are allocated
|
Special care must be given as sometimes udev numbers are allocated
|
||||||
dynamically by the kernel. Therefore, the full range must be allowed:
|
dynamically by the kernel. Therefore, the full range must be allowed:
|
||||||
|
|
||||||
!!! note ""
|
!!! note ""
|
||||||
|
|
|
@ -10,8 +10,8 @@ Here is an overview of the current CI jobs:
|
||||||
|
|
||||||
**On Gitlab CI**
|
**On Gitlab CI**
|
||||||
|
|
||||||
- Packages build for all supported distribution
|
- Packages build for all supported distributions
|
||||||
- Profiles preprocessing verification for all supported distribution
|
- Profiles preprocessing verification for all supported distributions
|
||||||
- Go based command linting, coverage, and unit tests
|
- Go based command linting, coverage, and unit tests
|
||||||
|
|
||||||
**On Github Action**
|
**On Github Action**
|
||||||
|
|
|
@ -5,7 +5,7 @@ title: Enforce Mode
|
||||||
# Enforce Mode
|
# Enforce Mode
|
||||||
|
|
||||||
The default package configuration installs all profiles in *complain* mode.
|
The default package configuration installs all profiles in *complain* mode.
|
||||||
Once you tested them and it works fine, you can easily switch to *enforce* mode.
|
Once you tested have them and it works fine, you can easily switch to *enforce* mode.
|
||||||
To do this, edit `PKGBUILD` on Archlinux or `debian/rules` on Debian and remove
|
To do this, edit `PKGBUILD` on Archlinux or `debian/rules` on Debian and remove
|
||||||
the `--complain` option to the configure script. Then build the package as usual:
|
the `--complain` option to the configure script. Then build the package as usual:
|
||||||
```diff
|
```diff
|
||||||
|
|
|
@ -8,27 +8,26 @@ title: AppArmor.d
|
||||||
|
|
||||||
!!! danger "Help Wanted"
|
!!! danger "Help Wanted"
|
||||||
|
|
||||||
This project is still in its early development. Help is very welcome
|
This project is still in its early development. Help is very welcome;
|
||||||
see [Development](development/)
|
see [Development](development/)
|
||||||
|
|
||||||
**AppArmor.d** is a set of over 1400 AppArmor profiles which aims is to confine
|
**AppArmor.d** is a set of over 1400 AppArmor profiles whose aim is to confine
|
||||||
most of Linux base applications and processes.
|
most Linux based applications and processes.
|
||||||
|
|
||||||
**Purpose**
|
**Purpose**
|
||||||
|
|
||||||
- Confine all root processes such as all `systemd` tools, `bluetooth`, `dbus`,
|
- Confine all root processes such as all `systemd` tools, `bluetooth`, `dbus`,
|
||||||
`polkit`, `NetworkManager`, `OpenVPN`, `GDM`, `rtkit`, `colord`.
|
`polkit`, `NetworkManager`, `OpenVPN`, `GDM`, `rtkit`, `colord`
|
||||||
- Confine all Desktop environments
|
- Confine all Desktop environments
|
||||||
- Confine all user services such as `Pipewire`, `Gvfsd`, `dbus`, `xdg`, `xwayland`
|
- Confine all user services such as `Pipewire`, `Gvfsd`, `dbus`, `xdg`, `xwayland`
|
||||||
- Confine some *"special"* user applications: web browser, file browser...
|
- Confine some *"special"* user applications: web browser, file browser...
|
||||||
- Should not break a normal usage of the confined software
|
- Should not break a normal usage of the confined software
|
||||||
- Fully tested (Work in progress)
|
|
||||||
|
|
||||||
See the [Concepts](concepts) page for more detail on the architecture.
|
See the [Concepts](concepts) page for more detail on the architecture.
|
||||||
|
|
||||||
**Goals**
|
**Goals**
|
||||||
|
|
||||||
- Target both desktop and server
|
- Target both desktops and servers
|
||||||
- Support all distributions that support AppArmor:
|
- Support all distributions that support AppArmor:
|
||||||
* Currently:
|
* Currently:
|
||||||
- :material-arch: Archlinux
|
- :material-arch: Archlinux
|
||||||
|
@ -37,3 +36,4 @@ See the [Concepts](concepts) page for more detail on the architecture.
|
||||||
* Not (yet) tested on openSUSE
|
* Not (yet) tested on openSUSE
|
||||||
- Support all major desktop environments:
|
- Support all major desktop environments:
|
||||||
* Currently only :material-gnome: Gnome
|
* Currently only :material-gnome: Gnome
|
||||||
|
- Fully tested (Work in progress)
|
||||||
|
|
|
@ -4,7 +4,7 @@ title: Installation
|
||||||
|
|
||||||
!!! danger
|
!!! danger
|
||||||
|
|
||||||
In order to not break your system, the default package configuration install
|
In order to not break your system, the default package configuration installs
|
||||||
all profiles in complain mode. They can be enforced later.
|
all profiles in complain mode. They can be enforced later.
|
||||||
See the [Enforce Mode](/enforce) page.
|
See the [Enforce Mode](/enforce) page.
|
||||||
|
|
||||||
|
|
|
@ -25,9 +25,9 @@ home directory.
|
||||||
|
|
||||||
According the Archlinux guideline, on Archlinux, packages cannot install files
|
According the Archlinux guideline, on Archlinux, packages cannot install files
|
||||||
under `/home/`. Therefore the [`pacman`][pacman] profile purposely does not
|
under `/home/`. Therefore the [`pacman`][pacman] profile purposely does not
|
||||||
allow access of your home directory. This is
|
allow access of your home directory.
|
||||||
|
|
||||||
This provides a basic protection against some package (on the AUR) that may have
|
This provides a basic protection against some packages (on the AUR) that may have
|
||||||
rogue install script.
|
rogue install script.
|
||||||
|
|
||||||
[pacman]: https://github.com/roddhjav/apparmor.d/blob/master/apparmor.d/groups/pacman/pacman
|
[pacman]: https://github.com/roddhjav/apparmor.d/blob/master/apparmor.d/groups/pacman/pacman
|
||||||
|
@ -36,7 +36,7 @@ rogue install script.
|
||||||
### Gnome can be very slow to start.
|
### Gnome can be very slow to start.
|
||||||
|
|
||||||
[Gnome](https://github.com/roddhjav/apparmor.d/issues/80) can be slow to start.
|
[Gnome](https://github.com/roddhjav/apparmor.d/issues/80) can be slow to start.
|
||||||
This is a Known bugs help is very welcome.
|
This is a known bug, help is very welcome.
|
||||||
|
|
||||||
The complexity is that:
|
The complexity is that:
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue