Hi, intrigeri: > Cyril Brulebois: >> intrigeri <intrig...@debian.org> (2017-10-25): >>> I'm working on the last blockers towards starting the experiment I've >>> proposed on debian-devel@ 2.5 months ago, i.e. enabling AppArmor by >>> default for a while in testing/sid.
>> Does it make sense to have it installed everywhere, including in >> chroots, containers, etc., or should it be mainly installed in d-i >> installed systems? > It makes sense in any kind of system that runs its own Linux kernel: Update: the next upload of the linux-image packages will "Recommends: apparmor" (https://anonscm.debian.org/cgit/kernel/linux.git/commit/?h=sid&id=bd1e10f8bd85adf182f122417a843bf6ffbac80c) … so it might be that we don't need "Priority: standard" in the end. Cheers, -- intrigeri