From c68cdd14a362c1ceb468ba7ecc9e1074f5c22ab6 Mon Sep 17 00:00:00 2001 From: Alexandre Pujol Date: Sat, 27 Jan 2024 23:13:43 +0000 Subject: [PATCH] doc: improve doc. --- README.md | 5 +++-- docs/concepts.md | 2 +- docs/enforce.md | 13 +++++++++---- docs/index.md | 5 +++-- docs/install.md | 2 +- docs/report.md | 12 ++++++++++-- 6 files changed, 27 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index eda6538a8..ba4d40c5f 100644 --- a/README.md +++ b/README.md @@ -35,7 +35,8 @@ most Linux based applications and processes. * Debian 12 * OpenSUSE Tumbleweed - Support major desktop environments: - * Currently only Gnome + * Gnome + * KDE *(work in progress)* - Fully tested (Work in progress) @@ -68,7 +69,7 @@ as it is common to only confine the applications that face the internet and/or t Building large set of AppArmor profiles: - [Linux Security Summit North America (LSS-NA 2023)](https://events.linuxfoundation.org/linux-security-summit-north-america/) *([Slide](https://lssna2023.sched.com/event/1K7bI/building-the-largest-working-set-of-apparmor-profiles-alexandre-pujol-the-collaboratory-tudublin), [Video](https://www.youtube.com/watch?v=OzyalrOzxE8))* -- [Ubuntu Summit 2023](https://events.canonical.com/event/31/) *([Slide](https://events.canonical.com/event/31/contributions/209/))* +- [Ubuntu Summit 2023](https://events.canonical.com/event/31/) *([Slide](https://events.canonical.com/event/31/contributions/209/), [Video](https://www.youtube.com/watch?v=GK1J0TlxnFI))* ## Installation diff --git a/docs/concepts.md b/docs/concepts.md index 563940a4e..6eeb68473 100644 --- a/docs/concepts.md +++ b/docs/concepts.md 
@@ -10,7 +10,7 @@ There are over 50000 Linux packages and even more applications. It is simply not **What to confine and why?** -We take inspiration from the [Android/ChromeOS Security Model][android_model], and we apply it to the Linux world. Modern [Linux security distributions][clipos] usually consider an immutable core base image with a carefully selected set of applications. Everything else should be sandboxed. Therefore, this project tries to confine all the *core* applications you will usually find in a Linux system: all systemd services, xwayland, network, bluetooth, your desktop environment... Non-core user applications are out of scope as they should be sandboxed using a dedicated tool (minijail, bubblewrap, toolbox...). +We take inspiration from the [Android/ChromeOS Security Model](https://arxiv.org/pdf/1904.05572v2.pdf), and we apply it to the Linux world. Modern [Linux security distributions](https://clip-os.org/en/) usually consider an immutable core base image with a carefully selected set of applications. Everything else should be sandboxed. Therefore, this project tries to confine all the *core* applications you will usually find in a Linux system: all systemd services, xwayland, network, bluetooth, your desktop environment... Non-core user applications are out of scope as they should be sandboxed using a dedicated tool (minijail, bubblewrap, toolbox...). This is fundamentally different from how AppArmor is usually used on Linux servers as it is common to only confine the applications that face the internet and/or the users. diff --git a/docs/enforce.md b/docs/enforce.md index 730e5ddc1..72c8310a8 100644 --- a/docs/enforce.md +++ b/docs/enforce.md 
@@ -2,15 +2,12 @@ title: Enforce Mode --- -# Enforce Mode - The default package configuration installs all profiles in *complain* mode. This is a safety measure to ensure you are not going to break your system on initial installation. Once you have tested it, and it works fine, you can easily switch to *enforce* mode. The profiles that are not considered stable are kept in complain mode, they can be tracked in the [`dists/flags`](https://github.com/roddhjav/apparmor.d/tree/main/dists/flags) directory. !!! warning When reporting issue. Please ensure the profiles are in complain mode -## Install #### :material-arch: Archlinux @@ -29,7 +26,15 @@ override_dh_auto_build: make enforce ``` -#### :simple-suse: OpenSUSE & Partial install +#### :simple-suse: OpenSUSE + +In `dists/apparmor.d.spec`, replace `%make_build` by `make enforce` +```diff +- %make_build ++ make enforce +``` + +#### Partial install Use the `make enforce` command to build instead of `make` diff --git a/docs/index.md b/docs/index.md index 40ed5a9fe..fe7e87dc9 100644 --- a/docs/index.md +++ b/docs/index.md @@ -34,7 +34,8 @@ See the [Concepts](concepts.md)' page for more detail on the architecture. * [:material-debian: Debian 12](install.md#ubuntu-debian) * [:simple-suse: OpenSUSE Tumbleweed](install.md#opensuse) - Support all major desktop environments: - * Currently only :material-gnome: Gnome + - [x] :material-gnome: Gnome + - [ ] :simple-kde: KDE *(work in progress)* - Fully tested (Work in progress) **Presentations** 
@@ -42,7 +43,7 @@ See the [Concepts](concepts.md)' page for more detail on the architecture. Building large set of AppArmor profiles: - [Linux Security Summit North America (LSS-NA 2023)](https://events.linuxfoundation.org/linux-security-summit-north-america/) *([Slide](https://lssna2023.sched.com/event/1K7bI/building-the-largest-working-set-of-apparmor-profiles-alexandre-pujol-the-collaboratory-tudublin), [Video](https://www.youtube.com/watch?v=OzyalrOzxE8))* -- [Ubuntu Summit 2023](https://events.canonical.com/event/31/) *([Slide](https://events.canonical.com/event/31/contributions/209/))* +- [Ubuntu Summit 2023](https://events.canonical.com/event/31/) *([Slide](https://events.canonical.com/event/31/contributions/209/), [Video](https://www.youtube.com/watch?v=GK1J0TlxnFI))* **Chat** diff --git a/docs/install.md b/docs/install.md index 1b42ebab6..af58b4913 100644 --- a/docs/install.md +++ b/docs/install.md @@ -106,7 +106,7 @@ sudo make profile-names... - :material-arch: Archlinux `sudo pacman -R apparmor.d` - :material-ubuntu: Ubuntu & :material-debian: Debian `sudo apt purge apparmor.d` - +- :simple-suse: OpenSUSE `sudo zypper remove apparmor.d` [aur]: https://aur.archlinux.org/packages/apparmor.d-git [repo]: https://repo.pujol.io/ diff --git a/docs/report.md b/docs/report.md index a84a6a386..9d1bf033f 100644 --- a/docs/report.md +++ b/docs/report.md 
@@ -6,9 +6,17 @@ title: Report AppArmor logs The **[aa-log](usage.md#apparmor-log)** tool reports all AppArmor `DENIED` and `ALLOWED`. It should be used to fix AppArmor related issues. -While testing, if something get wrong, you need to put the profile in complain mode, to that you can investigate, and it does not block your program. +While testing, if something get wrong, you need to put the profile in complain mode, so that you can investigate, and it does not block your program. -When creating [an issue on Github][newissue]. Please ensure you post a link to the [paste] of the AppArmor audit log: `/var/log/audit/audit.log`. +When creating [an issue on Github][newissue], please post a link to the [paste] of the audit log generated with: +```sh +aa-log -R +``` + +If this command produce nothing, try: +```sh +aa-log -s -R +``` [newissue]: https://github.com/roddhjav/apparmor.d/issues/new [paste]: https://pastebin.com/
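Review bot: The desktop-environment list in the README.md and docs/index.md hunks is now written two different ways. README.md uses `* Gnome` and `* KDE *(work in progress)*`, while docs/index.md switches to `- [x]` / `- [ ]` task items under a parent whose neighbouring sub-items still use `*`. Pick one form for both files, and if the task-list form stays, confirm the docs build actually renders it as checkboxes. The docs/index.md parent line also still says "Support all major desktop environments" where README.md says "Support major desktop environments"; with KDE unchecked, "all" overstates the current state.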
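Review bot: In docs/concepts.md the `[android_model]` and `[clipos]` reference-style links are replaced with inline URLs, but the diffstat shows only this one line changed in the file (`docs/concepts.md | 2 +-`). If reference definitions for those two labels exist further down the page they are now unused and should be removed in the same commit; if they never existed, say so in the commit message, since "doc: improve doc." gives no hint that this hunk repairs links.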
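Review bot: In docs/enforce.md, removing `## Install` leaves the `####` headings (`#### :material-arch: Archlinux`, the new `#### :simple-suse: OpenSUSE` and `#### Partial install`) with no `##` or `###` parent, so the page skips heading levels. Either keep a second-level heading above them or promote them. In the added OpenSUSE text, "replace `%make_build` by `make enforce`" should read "replace ... with ...", and the diff block starts on the line directly after that sentence; add a blank line before it, as is done after the block.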
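Review bot: In docs/install.md the new OpenSUSE bullet is added in place of a removed blank line just ahead of the `[aur]:` and `[repo]:` link definitions. Check that a blank line still separates the end of the list from those definitions, otherwise add one back after the `sudo zypper remove apparmor.d` item.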
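Review bot: In docs/report.md the rewritten sentence fixes "to that" but keeps "if something get wrong" on the same line, and the added line "If this command produce nothing" has the same agreement error ("goes wrong", "produces"). The new instructions also drop the `/var/log/audit/audit.log` path without saying what `-R` and `-s` do or which log source each one reads, so a reporter cannot tell why the second command might succeed when the first prints nothing; add one short clause per flag. Since the output is pasted publicly and AppArmor log entries include file paths and process names, a reminder to review the paste before posting would fit here. As in docs/enforce.md, put a blank line between each sentence and the code block that follows it.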