On Thu, 2017-11-23 at 14:58 +0100, Christoph Hellwig wrote: > On Thu, Nov 23, 2017 at 01:55:49PM +0000, Ben Hutchings wrote: > > AppArmor is the default LSM. > > There is no such thing as a default LSM in Linux.
$ grep DEFAULT_SECURITY /boot/config-4.13.0-1-amd64 # CONFIG_DEFAULT_SECURITY_SELINUX is not set # CONFIG_DEFAULT_SECURITY_TOMOYO is not set CONFIG_DEFAULT_SECURITY_APPARMOR=y # CONFIG_DEFAULT_SECURITY_DAC is not set CONFIG_DEFAULT_SECURITY="apparmor" > > > The changelog suggests it was done that systemd units might use it, > > > but in that case those systemd units should depend on apparmor. > > > > They don't depend on AppArmor unless it's enabled. Which is a decision > > made in the kernel configuration (potentially overriden by the kernel > > comamnd line). > > So we should not need the recommends. -- Ben Hutchings When in doubt, use brute force. - Ken Thompson
signature.asc
Description: This is a digitally signed message part
