Hi, Guido Günther: > We have a stable update pending
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=887855 > so this would fit but IMHO backported kernels should not turn on these > features by default (signal and ptrace). I'm not sure what would be the > best way to do this (either apparmor or the kernel package) so cc'ing > the apparmor maintainers. This should be fixed in Stretch 9.4 assuming my stable update is accepted: https://bugs.debian.org/879585 https://bugs.debian.org/882697#80 Cheers, -- intrigeri