On Thu, Nov 23, 2017 at 01:55:49PM +0000, Ben Hutchings wrote: > AppArmor is the default LSM.
There is no such thing as a default LSM in Linux. > > The changelog suggests it was done that systemd units might use it, > > but in that case those systemd units should depend on apparmor. > > They don't depend on AppArmor unless it's enabled. Which is a decision > made in the kernel configuration (potentially overriden by the kernel > comamnd line). So we should not need the recommends.