Re: Let's enable AppArmor by default (why not?)
- Date: Sat, 05 Aug 2017 06:50:00 +0000
- From: Niels Thykier <niels@xxxxxxxxxxx>
- Subject: Re: Let's enable AppArmor by default (why not?)
Overall, this sounds like an interesting proposal and personally, I
agree that I think the Debian Linux ports would be better off with an
LSM enabled by default.
> What's the cost for Debian users?
> AppArmor unavoidably breaks functionality from time to time: e.g.
> new versions of software we package (or of their dependencies)
> regularly start needing access to new file locations.
Can we integrate these LSM policies into our testing frameworks (e.g.
autopkgtests), so we can start having automated tests of even basic
functionality. Or will that happen "out of the box" if we enable it by
default (and, possibly, enable it on our test hosts)?