doc: improve doc.

README.md

@@ -35,7 +35,8 @@ most Linux based applications and processes.
     * Debian 12
     * OpenSUSE Tumbleweed
 - Support major desktop environments:
-    * Currently only Gnome
+    * Gnome
+    * KDE *(work in progress)*
 - Fully tested (Work in progress)
 
 
@@ -68,7 +69,7 @@ as it is common to only confine the applications that face the internet and/or t
 Building large set of AppArmor profiles:
 
 - [Linux Security Summit North America (LSS-NA 2023)](https://events.linuxfoundation.org/linux-security-summit-north-america/) *([Slide](https://lssna2023.sched.com/event/1K7bI/building-the-largest-working-set-of-apparmor-profiles-alexandre-pujol-the-collaboratory-tudublin), [Video](https://www.youtube.com/watch?v=OzyalrOzxE8))*
-- [Ubuntu Summit 2023](https://events.canonical.com/event/31/) *([Slide](https://events.canonical.com/event/31/contributions/209/))*
+- [Ubuntu Summit 2023](https://events.canonical.com/event/31/) *([Slide](https://events.canonical.com/event/31/contributions/209/), [Video](https://www.youtube.com/watch?v=GK1J0TlxnFI))*
 
 ## Installation
 

docs/concepts.md

@@ -10,7 +10,7 @@ There are over 50000 Linux packages and even more applications. It is simply not
 
 **What to confine and why?**
 
-We take inspiration from the [Android/ChromeOS Security Model][android_model], and we apply it to the Linux world. Modern [Linux security distributions][clipos] usually consider an immutable core base image with a carefully selected set of applications. Everything else should be sandboxed. Therefore, this project tries to confine all the *core* applications you will usually find in a Linux system: all systemd services, xwayland, network, bluetooth, your desktop environment...  Non-core user applications are out of scope as they should be sandboxed using a dedicated tool (minijail, bubblewrap, toolbox...).
+We take inspiration from the [Android/ChromeOS Security Model](https://arxiv.org/pdf/1904.05572v2.pdf), and we apply it to the Linux world. Modern [Linux security distributions](https://clip-os.org/en/) usually consider an immutable core base image with a carefully selected set of applications. Everything else should be sandboxed. Therefore, this project tries to confine all the *core* applications you will usually find in a Linux system: all systemd services, xwayland, network, bluetooth, your desktop environment... Non-core user applications are out of scope as they should be sandboxed using a dedicated tool (minijail, bubblewrap, toolbox...).
 
 This is fundamentally different from how AppArmor is usually used on Linux servers as it is common to only confine the applications that face the internet and/or the users.
 

docs/enforce.md

@@ -2,15 +2,12 @@
 title: Enforce Mode
 ---
 
-# Enforce Mode
-
 The default package configuration installs all profiles in *complain* mode. This is a safety measure to ensure you are not going to break your system on initial installation. Once you have tested it, and it works fine, you can easily switch to *enforce* mode. The profiles that are not considered stable are kept in complain mode, they can be tracked in the [`dists/flags`](https://github.com/roddhjav/apparmor.d/tree/main/dists/flags) directory.
 
 !!! warning
 
     When reporting issue. Please ensure the profiles are in complain mode
 
-## Install
 
 #### :material-arch: Archlinux
 
@@ -29,7 +26,15 @@ override_dh_auto_build:
 	make enforce
 ```
 
-#### :simple-suse: OpenSUSE & Partial install
+#### :simple-suse: OpenSUSE
+
+In `dists/apparmor.d.spec`, replace `%make_build` by `make enforce`
+```diff
+-  %make_build
++  make enforce
+```
+
+#### Partial install
 
 Use the `make enforce` command to build instead of `make`
 

docs/index.md

@@ -34,7 +34,8 @@ See the [Concepts](concepts.md)' page for more detail on the architecture.
     * [:material-debian: Debian 12](install.md#ubuntu-debian)
     * [:simple-suse: OpenSUSE Tumbleweed](install.md#opensuse)
 - Support all major desktop environments:
-    * Currently only :material-gnome: Gnome
+    - [x] :material-gnome: Gnome
+    - [ ] :simple-kde: KDE *(work in progress)*
 - Fully tested (Work in progress)
 
 **Presentations**
@@ -42,7 +43,7 @@ See the [Concepts](concepts.md)' page for more detail on the architecture.
 Building large set of AppArmor profiles:
 
 - [Linux Security Summit North America (LSS-NA 2023)](https://events.linuxfoundation.org/linux-security-summit-north-america/) *([Slide](https://lssna2023.sched.com/event/1K7bI/building-the-largest-working-set-of-apparmor-profiles-alexandre-pujol-the-collaboratory-tudublin), [Video](https://www.youtube.com/watch?v=OzyalrOzxE8))*
-- [Ubuntu Summit 2023](https://events.canonical.com/event/31/) *([Slide](https://events.canonical.com/event/31/contributions/209/))*
+- [Ubuntu Summit 2023](https://events.canonical.com/event/31/) *([Slide](https://events.canonical.com/event/31/contributions/209/), [Video](https://www.youtube.com/watch?v=GK1J0TlxnFI))*
 
 **Chat**
 

docs/install.md

@@ -106,7 +106,7 @@ sudo make profile-names...
 
 - :material-arch: Archlinux `sudo pacman -R apparmor.d`
 - :material-ubuntu: Ubuntu & :material-debian: Debian `sudo apt purge apparmor.d`
-
+- :simple-suse: OpenSUSE `sudo zypper remove apparmor.d`
 
 [aur]: https://aur.archlinux.org/packages/apparmor.d-git
 [repo]: https://repo.pujol.io/

docs/report.md

@@ -6,9 +6,17 @@ title: Report AppArmor logs
 
 The **[aa-log](usage.md#apparmor-log)** tool reports all AppArmor `DENIED` and `ALLOWED`. It should be used to fix AppArmor related issues.
 
-While testing, if something get wrong, you need to put the profile in complain mode, to that you can investigate, and it does not block your program.
+While testing, if something get wrong, you need to put the profile in complain mode, so that you can investigate, and it does not block your program.
 
-When creating [an issue on Github][newissue]. Please ensure you post a link to the [paste] of the AppArmor audit log: `/var/log/audit/audit.log`.
+When creating [an issue on Github][newissue], please post a link to the [paste] of the audit log generated with:
+```sh
+aa-log -R
+```
+
+If this command produce nothing, try:
+```sh
+aa-log -s -R
+```
 
 [newissue]: https://github.com/roddhjav/apparmor.d/issues/new
 [paste]: https://pastebin.com/