Re: recommends for apparmor in newest linux-image-4.13
On Thu, Nov 23, 2017 at 01:59:44PM +0000, Ben Hutchings wrote:
> On Thu, 2017-11-23 at 14:58 +0100, Christoph Hellwig wrote:
> > On Thu, Nov 23, 2017 at 01:55:49PM +0000, Ben Hutchings wrote:
> > > AppArmor is the default LSM.
> >
> > There is no such thing as a default LSM in Linux.
>
> $ grep DEFAULT_SECURITY /boot/config-4.13.0-1-amd64
> # CONFIG_DEFAULT_SECURITY_SELINUX is not set
> # CONFIG_DEFAULT_SECURITY_TOMOYO is not set
> CONFIG_DEFAULT_SECURITY_APPARMOR=y
> # CONFIG_DEFAULT_SECURITY_DAC is not set
> CONFIG_DEFAULT_SECURITY="apparmor"
That's still not an upstream default lsm. Looks like someone in
Debian just decided to make apparmor the default, which is horrible
news :(
Reply to: