On Fri, Oct 27, 2017 at 10:01:18AM +0200, Mathieu Parent wrote: > Could'nt we: > > 5. Make linux-image-$abi-$arch Depends on apparmor | selinux-basics | > tomoyo-tools | linux-no-lsm > > With linux-no-lsm being a new empty package, and all of apparmor, > selinux-basics, tomoyo-tools enable the corresponding LSM.
I don't think there is a good way to guarantee which alternative there apt picks. It could pick to install linux-no-lsm for example (and who knows, maybe due to fewer dependencies, or a conflict, or whatever, it will). Even if it works today, that seems fragile... Also, a Depends: with one of the alternatives being "don't install anything" strikes me as a hack to work around not having Recommends or Suggests — but we do have those, so I'm not sure why we wouldn't use them instead.
