close 750107
thanks

apparmor in the current lxc package will not be activated by default, for three reasons:

1. upstream has not merged back some of the necessary apparmor integration files from the ubuntu packaging to upstream. since, first, the upstream maintainer is also the ubuntu maintainer, and second, i'm not using apparmor nor am i interested in the optional usage of apparmor in lxc myself, i'm not convinced to deviate from the default and enable an incomplete apparmor integration in the current lxc package, nor to finish the apparmor integration myself. you're welcome to send patches though, as long as it's not enabling it by default, so that people not using apparmor do not have to disable it, but rather, those that want to use it can enable it.

2. you do not need to use apparmor in order to have secure containers, e.g. mounting sysfs readonly is enough to mitigate that whole.

3. the lxc-debian template in debian had sysfs readonly for a long time, but at last debconf, i've specifically been told by the dpl to not modify the lxc-debian template as shipped by upstream (and thus moved the debian specific lxc-debian template to lxc-stuff). please send patches and bugs against lxc-debian from lxc upstream to lxc upstream (via github issues), they are very active and it will then automatically go into debian.

Regards,
Daniel

--
Address: Daniel Baumann, Donnerbuehlweg 3, CH-3012 Bern
Email: daniel.baum...@progress-technologies.net
Internet: http://people.progress-technologies.net/~daniel.baumann/