Control: severity -1 important
Control: affects -1 tor

On Tue, 2017-10-31 at 16:07 +0100, Christoph Anton Mitterer wrote:
> Package: src:linux
> Version: 4.13.10-1
> Severity: critical
> Justification: breaks unrelated software
>
> Apparently AppArmor was enabled per default in the last version.

Although you can disable it (security=dac or apparmor=0) if you want.

> While I'm usually in favour of anything that improves security
> (leaving aside the question here whether SELinux wouldn't be the much
> more powerful solution ;-) )... this happened too silent (e.g. no
> NEWS entry)... people may not even have installed the userland tools.

The change was noted in the changelog, so it's not silent. I intend to add a NEWS entry in the next linux-latest upload. It doesn't make sense to add NEWS to linux-image-* packages as that will only be displayed for upgrades that don't involve an ABI bump.

My understanding was that enabling AppArmor shouldn't do very much until a policy is loaded (which it won't be if you don't install the userland tools). As you've found, that isn't entirely correct.

> Also it breaks unrelated software, e.g. tor no longer starts and some
> more as well.

Applications built for Linux are unrelated to Linux? I don't think so.

Ben.

--
Ben Hutchings
It is a miracle that curiosity survives formal education. - Albert Einstein