Re: Let's enable AppArmor by default (why not?)

To: debian-devel@lists.debian.org, intrigeri <intrigeri@debian.org>
Subject: Re: Let's enable AppArmor by default (why not?)
From: Niels Thykier <niels@thykier.net>
Date: Sat, 05 Aug 2017 06:50:00 +0000
Message-id: <[🔎] cc2ffa82-7279-f7e2-8da1-41f5f51c0f01@thykier.net>
In-reply-to: <[🔎] 857eyij4fb.fsf@boum.org>
References: <[🔎] 857eyij4fb.fsf@boum.org>

intrigeri:

Hi,

Overall, this sounds like an interesting proposal and personally, I
agree that I think the Debian Linux ports would be better off with an
LSM enabled by default.

> What's the cost for Debian users?
> ---------------------------------
> 
> AppArmor unavoidably breaks functionality from time to time: e.g.
> new versions of software we package (or of their dependencies)
> regularly start needing access to new file locations.

s/AppArmor/Any LSM/

Can we integrate these LSM policies into our testing frameworks (e.g.
autopkgtests), so we can start having automated tests of even basic
functionality.  Or will that happen "out of the box" if we enable it by
default (and, possibly, enable it on our test hosts)?

Thanks,
~Niels

Reply to:

Follow-Ups:
- Re: Let's enable AppArmor by default (why not?)
  - From: Simon McVittie <smcv@debian.org>

References:
- Let's enable AppArmor by default (why not?)
  - From: intrigeri <intrigeri@debian.org>

Prev by Date: Re: MBF for deprecating Python2 usage
Next by Date: Re: Bug#798476: Returning to the requirement that Uploaders: contain humans
Previous by thread: Let's enable AppArmor by default (why not?)
Next by thread: Re: Let's enable AppArmor by default (why not?)
Index(es):
- Date
- Thread