[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: recommends for apparmor in newest linux-image-4.13

On Thu, Nov 23, 2017 at 01:59:44PM +0000, Ben Hutchings wrote:
> On Thu, 2017-11-23 at 14:58 +0100, Christoph Hellwig wrote:
> > On Thu, Nov 23, 2017 at 01:55:49PM +0000, Ben Hutchings wrote:
> > > AppArmor is the default LSM.
> > 
> > There is no such thing as a default LSM in Linux.
> 
> $ grep DEFAULT_SECURITY /boot/config-4.13.0-1-amd64 
> # CONFIG_DEFAULT_SECURITY_SELINUX is not set
> # CONFIG_DEFAULT_SECURITY_TOMOYO is not set
> CONFIG_DEFAULT_SECURITY_APPARMOR=y
> # CONFIG_DEFAULT_SECURITY_DAC is not set
> CONFIG_DEFAULT_SECURITY="apparmor"

That's still not an upstream default lsm.  Looks like someone in
Debian just decided to make apparmor the default, which is horrible
news :(
Reply to: