[pkg-apparmor] Bug#879590: apparmor: Decide how we enable AppArmor by default

intrigeri intrigeri at debian.org
Tue Oct 24 07:20:37 UTC 2017


Hi,

Ben Hutchings:
> On Mon, 2017-10-23 at 10:06 +0200, intrigeri at debian.org wrote:
>> A. Make AppArmor the default LSM in the kernel
> [...]
>> B. Configure bootloaders to enable AppArmor by default
>>
>>    On https://bugs.debian.org/702030 a nice & flexible solution was
>>    designed; let's call it B.1.
> [...]
>>    A short-term simpler option would be to drop a file in
>>    /etc/default/grub.d/ [...] Let's call this option B.2.
> [...]

>> My personal preference is A > B.1. Ben & others, what do you think?

> I agree.

OK. Thanks for the prompt reply!

> We really should have a common way to append things to the kernel
> command line, which would allow a more general B.2, but this shouldn't
> have to wait for that.

ACK.

So we're done wrt. LSM activation.

Next step: figure out how to actually pull AppArmor utilities & policy
by default (enabling the LSM is not very useful if we don't install
those too). I think I can propose something about it this week.

Cheers,
-- 
intrigeri


