On Fri, 2017-08-04 at 19:31 -0400, intrigeri wrote:
> tl;dr: I hereby propose we enable AppArmor by default in testing/sid,
> and decide one year later if we want to keep it this way in the
> Buster release.

On most systems, people tend to disable LSM first, because many a time an inadequate policy hinders the use of the tool. And on the desktop machine this becomes a more common issue.

On the SELinux side, there used to be a nice reporting tool for the desktop, setroubleshoot. It used to alert (graphical and console) on any policy violations. A DE-agnostic alert tool would be necessary for wide adoption of any LSM implementation.

In my opinion, we should start with an alert tool (to report policy violations), and a handful of server packages.

-- 
Given the large number of mailing lists I follow, I request you to CC me in replies for quicker response