Bug#879590: Making apparmor "Priority: standard"? [Was: Bug#879590: apparmor: Decide how we enable AppArmor by default]

Hi, intrigeri: > Cyril Brulebois: >> intrigeri (2017-10-25): >>> I'm working on the last blockers towards starting the experiment I've >>> proposed on debian-devel@ 2.5 months ago, i.e. enabling AppArmor by >>> default for a while in testing/sid. >> Does it make sense to

Bug#879590: apparmor: Decide how we enable AppArmor by default

Hi, intrigeri: > Ben Hutchings: >> On Mon, 2017-10-23 at 10:06 +0200, intrig...@debian.org wrote: >>> A. Make AppArmor the default LSM in the kernel >> [...] >>> B. Configure bootloaders to enable AppArmor by default >>> >>>On https://bugs.debian.org/702030 a nice & flexible solution was >>>

Bug#879590: Making apparmor "Priority: standard"? [Was: Bug#879590: apparmor: Decide how we enable AppArmor by default]

Hi KiBi! Cyril Brulebois: > intrigeri (2017-10-25): >> I'm working on the last blockers towards starting the experiment I've >> proposed on debian-devel@ 2.5 months ago, i.e. enabling AppArmor by >> default for a while in testing/sid. > Does it make sense to have it

Bug#879590: apparmor: Decide how we enable AppArmor by default

intrigeri: > But I'm not sure what's the best way to pull the apparmor package: > 1. on testing/sid upgrades, during the Buster dev cycle: this would >greatly increase the value of the "enable AppArmor by default for >a while" experiment; > 2. during Stretch to Buster upgrades: this seems

Bug#879590: Making apparmor "Priority: standard"? [Was: Bug#879590: apparmor: Decide how we enable AppArmor by default]

Hi'ntrigeri, intrigeri (2017-10-25): > I'm working on the last blockers towards starting the experiment I've > proposed on debian-devel@ 2.5 months ago, i.e. enabling AppArmor by > default for a while in testing/sid. Does it make sense to have it installed everywhere,

Bug#879590: Making apparmor "Priority: standard"? [Was: Bug#879590: apparmor: Decide how we enable AppArmor by default]

Hi debian-boot@! tl;dr: can I make the apparmor package Priority: standard? Context === I'm working on the last blockers towards starting the experiment I've proposed on debian-devel@ 2.5 months ago, i.e. enabling AppArmor by default for a while in testing/sid. Enabling AppArmor by default

Bug#879590: apparmor: Decide how we enable AppArmor by default

Hi, intrigeri: > Next step: figure out how to actually pull AppArmor utilities & policy > by default (enabling the LSM is not very useful if we don't install > those too). For new installations, making the apparmor package "Priority: standard" seems to be the way to go. I've trimmed its

Bug#879590: apparmor: Decide how we enable AppArmor by default

Hi, Ben Hutchings: > On Mon, 2017-10-23 at 10:06 +0200, intrig...@debian.org wrote: >> A. Make AppArmor the default LSM in the kernel > [...] >> B. Configure bootloaders to enable AppArmor by default >> >>On https://bugs.debian.org/702030 a nice & flexible solution was >>designed; let's

Bug#879590: apparmor: Decide how we enable AppArmor by default

On Mon, 2017-10-23 at 10:06 +0200, intrig...@debian.org wrote: > Package: apparmor > Version: 2.11.0-11 > Severity: normal > X-Debbugs-Cc: Ben Hutchings > > Hi, > > we're discussing whether to enable AppArmor by default during the > Buster cycle, but we have no actual plan wrt.

Bug#879590: apparmor: Decide how we enable AppArmor by default

Package: apparmor Version: 2.11.0-11 Severity: normal X-Debbugs-Cc: Ben Hutchings Hi, we're discussing whether to enable AppArmor by default during the Buster cycle, but we have no actual plan wrt. how to do it. There are several options: A. Make AppArmor the default LSM in