[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Let's enable AppArmor by default (why not?)


2017-10-27 5:29 GMT+02:00 Anthony DeRobertis <anthony@derobert.net>:
> I think the only two ways to get a new package installed upon stretch →
> buster are:
> 1. Suggest the admin do it in the release notes. (It should be documented in
> the release notes no matter which option we pick, of course.)
> 2. Suggest the admin do it in a NEWS.Debian entry (but it needs to be an
> upgraded package, not a new one, else it won't be displayed. So the
> linux-image-4.* packages won't work, but e.g., linux-image-amd64 would).
> 3. Have a Recommends or Depends on it from another package that is
> installed. (Presumably that'd be a Recommends from the linux-image-*
> packages, and would be dropped down to a Suggests for buster+1).
> 4. Suggest the admin do it in a debconf note. Highly discouraged nowadays.

Could'nt we:

5. Make linux-image-$abi-$arch Depends on apparmor | selinux-basics |
tomoyo-tools | linux-no-lsm

With linux-no-lsm being a new empty package, and all of apparmor,
selinux-basics, tomoyo-tools enable the corresponding LSM.


Mathieu Parent

Reply to: