Hi'ntrigeri, intrigeri <email@example.com> (2017-10-25): > I'm working on the last blockers towards starting the experiment I've > proposed on debian-devel@ 2.5 months ago, i.e. enabling AppArmor by > default for a while in testing/sid. Does it make sense to have it installed everywhere, including in chroots, containers, etc., or should it be mainly installed in d-i installed systems? > Enabling AppArmor by default on new installations requires two > changes: > > 1. enable the LSM in Linux: problem solved, Ben Hutchings is fine with > doing this in src:linux > 2. install the apparmor package by default. It seems it's built on non-Linux ports as well, does it make sense to have it installed there? Please poke debian-bsd@ and debian-hurd@ if in doubt. > This email is about (2). > > Priority: standard? > =================== > > My understanding is that making the apparmor package "Priority: > standard" i the way to go. Correct? Depends on the first question above. > The package itself has "Installed-Size: 1803 kB". > > I've trimmed the dependencies of this package a bit (just uploaded > 2.11.1-2 as a result) so it seems to be an OK thing to do to me. > The dependencies are now: > > libc6 (>= 2.17), > debconf (>= 0.5) | debconf-2.0, > python3:any, > lsb-base (>= 3.0-6), > debconf > > … i.e. only stuff that's installed by default already anyway. > > Would you folks have any problem with this change? > > Once this is done I'll coordinate with Ben wrt. pushing the other big > red button i.e. (1) once the other blockers have been resolved. Thanks for checking with us in any cases. :) KiBi.
Description: PGP signature