Re: Let's enable AppArmor by default (why not?)

To: debian-devel@lists.debian.org
Subject: Re: Let's enable AppArmor by default (why not?)
From: Chris Lamb <lamby@debian.org>
Date: Tue, 15 Aug 2017 17:09:51 -0700
Message-id: <[🔎] 1502842191.2147507.1074683288.2F084504@webmail.messagingengine.com>
In-reply-to: <[🔎] 85o9roqzz1.fsf@boum.org>
References: <[🔎] 857eyij4fb.fsf@boum.org> <[🔎] 1502284223.3595759.1068013368.2A4DA774@webmail.messagingengine.com> <[🔎] 85o9roqzz1.fsf@boum.org>

Hey intri,

> 1. Use the simplest of systemd's hardening features (e.g.
>    Protect{Home,System}=, Private{Devices,Tmp,Network}=,
>    CapabilityBoundingSet=) to their full extend.
> 
>    Not many unit files we ship do that yet. Generally these
>    improvements can be implemented upstream and benefit users of
>    systemd on other distros :)

Indeed! :)  For example, here I'm merging upstream's rather more locked
down unit file into the Debian one:

  https://bugs.debian.org/871610


Regards,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

Reply to:

References:
- Let's enable AppArmor by default (why not?)
  - From: intrigeri <intrigeri@debian.org>
- Re: Let's enable AppArmor by default (why not?)
  - From: Chris Lamb <lamby@debian.org>
- Re: Let's enable AppArmor by default (why not?)
  - From: intrigeri <intrigeri@debian.org>

Prev by Date: Re: A radically different proposal for differential updates
Next by Date: Re: Let's enable AppArmor by default (why not?)
Previous by thread: Re: Let's enable AppArmor by default (why not?)
Next by thread: Re: Let's enable AppArmor by default (why not?)
Index(es):
- Date
- Thread