[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Making apparmor "Priority: standard"? [Was: Bug#879590: apparmor: Decide how we enable AppArmor by default]


intrigeri <intrigeri@debian.org> (2017-10-25):
> I'm working on the last blockers towards starting the experiment I've
> proposed on debian-devel@ 2.5 months ago, i.e. enabling AppArmor by
> default for a while in testing/sid.

Does it make sense to have it installed everywhere, including in
chroots, containers, etc., or should it be mainly installed in d-i
installed systems?

> Enabling AppArmor by default on new installations requires two
> changes:
> 1. enable the LSM in Linux: problem solved, Ben Hutchings is fine with
>    doing this in src:linux
> 2. install the apparmor package by default.

It seems it's built on non-Linux ports as well, does it make sense to
have it installed there? Please poke debian-bsd@ and debian-hurd@ if in

> This email is about (2).
> Priority: standard?
> ===================
> My understanding is that making the apparmor package "Priority:
> standard" i the way to go. Correct?

Depends on the first question above.

> The package itself has "Installed-Size: 1803 kB".
> I've trimmed the dependencies of this package a bit (just uploaded
> 2.11.1-2 as a result) so it seems to be an OK thing to do to me.
> The dependencies are now:
>   libc6 (>= 2.17),
>   debconf (>= 0.5) | debconf-2.0,
>   python3:any,
>   lsb-base (>= 3.0-6),
>   debconf
> … i.e. only stuff that's installed by default already anyway.
> Would you folks have any problem with this change?
> Once this is done I'll coordinate with Ben wrt. pushing the other big
> red button i.e. (1) once the other blockers have been resolved.

Thanks for checking with us in any cases. :)


Attachment: signature.asc
Description: PGP signature

Reply to: