Re: recommends for apparmor in newest linux-image-4.13

On Wed, Nov 29, 2017 at 01:17:26PM +0100, Emilio Pozuelo Monfort wrote:
On 29/11/17 13:04, Michael Stone wrote:
On Tue, Nov 28, 2017 at 08:22:50PM -0800, Russ Allbery wrote:
Maybe SELinux would be better, but various people have been trying to make
SELinux better-integrated with Debian for quite some time, and those
efforts don't seem to have been particularly successful.

Well, maybe it should just be turned on by default, then all the remaining
issues will magically go away just like they will for apparmor!

If there are issues, file bugs and mention them. So far your attitude is not
helpful at all.

Nobody said problems are going to magically go away by enabling apparmor. OTOH,
we won't know to what extent problems exists until it gets enabled everywhere.

Exactly the same argument can be made for selinux. But for some reason just turning on selinux by default to fix everything wasn't a good solution, but turning on apparmor for the same reason is. I'm trying to understand this logic.

Mike Stone