On Thu, 2017-11-23 at 14:18 +0100, Christoph Hellwig wrote:
> Hi all,
>
> is there any good reason for the recommends of apparmor in the latest
> linux packages? apparmor is just one of many security modules, and
> a fairly bogus one to start with. The kernel should not recommend it
> as it doesn't add at all to the expected kernel functionality.

AppArmor is the default LSM.

> The changelog suggests it was done that systemd units might use it,
> but in that case those systemd units should depend on apparmor.

They don't depend on AppArmor unless it's enabled. Which is a decision made in the kernel configuration (potentially overridden by the kernel command line).

Ben.

> And to start with there probably should be a policy that no unit
> file shall fail the boot for a missing security module (any of them).

-- 
Ben Hutchings
When in doubt, use brute force. - Ken Thompson