Re: recommends for apparmor in newest linux-image-4.13

To: debian-devel@lists.debian.org, debian-kernel@lists.debian.org
Subject: Re: recommends for apparmor in newest linux-image-4.13
From: Michael Stone <mstone@debian.org>
Date: Tue, 28 Nov 2017 22:16:01 -0500
Message-id: <[🔎] 18deb24e-d4b3-11e7-9b6a-00163eeb5320@msgid.mathom.us>
Mail-followup-to: debian-devel@lists.debian.org, debian-kernel@lists.debian.org
In-reply-to: <[🔎] 20171128230308.GB769@bongo.bofh.it>
References: <[🔎] 20171123131846.GA27575@lst.de> <[🔎] 1511445349.14687.63.camel@decadent.org.uk> <[🔎] 20171123135822.GA28776@lst.de> <[🔎] 1511445584.14687.64.camel@decadent.org.uk> <[🔎] 20171123140109.GA28885@lst.de> <[🔎] 20171123144310.gac6zwqysfzdsh3i@exolobe3> <[🔎] 20171128185445.GA5602@lst.de> <[🔎] 20171128230308.GB769@bongo.bofh.it>

On Wed, Nov 29, 2017 at 12:03:08AM +0100, Marco d'Itri wrote:

On Nov 28, Christoph Hellwig <hch@lst.de> wrote:

It's just a bad idea of a security model that implements ad-hoc
and mostly path based restrictions instead of an actually verified
security model.  Using that by default makes it much harder to actually
use a real MAC based security model, which not only is required for
various security sensitive deployments but also a good idea in general.

This may be true, but OTOH nobody cared enough about SELinux to actually
make it work out of the box in Debian.

By that criteria, it doesn't seem like anyone cares about apparmoreither...

FWIW, I also think apparmor a bad idea, but it's somehow morphed

from "can we make it possible to turn apparmor on" to "let's make RCbugs for stuff that doesn't work with apparmor" without much real buy-inAFAICT.


Mike Stone

Reply to:

References:
- recommends for apparmor in newest linux-image-4.13
  - From: Christoph Hellwig <hch@lst.de>
- Re: recommends for apparmor in newest linux-image-4.13
  - From: Ben Hutchings <ben@decadent.org.uk>
- Re: recommends for apparmor in newest linux-image-4.13
  - From: Christoph Hellwig <hch@lst.de>
- Re: recommends for apparmor in newest linux-image-4.13
  - From: Ben Hutchings <ben@decadent.org.uk>
- Re: recommends for apparmor in newest linux-image-4.13
  - From: Christoph Hellwig <hch@lst.de>
- Re: recommends for apparmor in newest linux-image-4.13
  - From: Lars Wirzenius <liw@liw.fi>
- Re: recommends for apparmor in newest linux-image-4.13
  - From: Christoph Hellwig <hch@lst.de>
- Re: recommends for apparmor in newest linux-image-4.13
  - From: md@Linux.IT (Marco d'Itri)

Prev by Date: Re: recommends for apparmor in newest linux-image-4.13
Next by Date: Re: Reiser4 for Linux-4.14, Reiser4progs-1.2.0, Libaal-1.0.7, Format 4.0.2
Previous by thread: Re: recommends for apparmor in newest linux-image-4.13
Next by thread: Re: recommends for apparmor in newest linux-image-4.13
Index(es):
- Date
- Thread