Bug#880441: linux-image-4.13.0-1-amd64: silently enabled AppArmor breaks other programs

Package: src:linux Version: 4.13.10-1 Severity: critical Justification: breaks unrelated software Hi. Apparently AppArmor was enabled per default in the last version. While I'm usually in favour of anything that improves security (leaving aside the question here whether SELinux wouldn't be the

Bug#880441: linux-image-4.13.0-1-amd64: silently enabled AppArmor breaks other programs

Control: severity -1 important Control: affects -1 tor On Tue, 2017-10-31 at 16:07 +0100, Christoph Anton Mitterer wrote: > Package: src:linux > Version: 4.13.10-1 > Severity: critical > Justification: breaks unrelated software > > Apparently AppArmor was enabled per default in the last version.

Bug#880441: linux-image-4.13.0-1-amd64: silently enabled AppArmor breaks other programs

The severity would have shown people which haven't upgraded, that there are issues... :-( On Tue, 2017-10-31 at 16:01 +, Ben Hutchings wrote: > Although you can disable it (security=dac or apparmor=0) if you want. Sure. I never said this wasn't possible. > > While I'm usually in favour of a

Bug#880441: linux-image-4.13.0-1-amd64: silently enabled AppArmor breaks other programs

On Tue, 2017-10-31 at 17:10 +0100, Christoph Anton Mitterer wrote: > The severity would have shown people which haven't upgraded, that there > are issues... :-( > > > On Tue, 2017-10-31 at 16:01 +, Ben Hutchings wrote: [...] > > Applications built for Linux are unrelated to Linux? I don't th

Bug#880441: linux-image-4.13.0-1-amd64: silently enabled AppArmor breaks other programs

Control: tag -1 serious On Tue, 2017-10-31 at 17:21 +, Ben Hutchings wrote: > On Tue, 2017-10-31 at 17:10 +0100, Christoph Anton Mitterer wrote: > > The severity would have shown people which haven't upgraded, that there > > are issues... :-( > > > > > > On Tue, 2017-10-31 at 16:01 +, Be

Bug#880441: linux-image-4.13.0-1-amd64: silently enabled AppArmor breaks other programs

Hi, Ben Hutchings: > My understanding was that enabling AppArmor shouldn't do very much > until a policy is loaded (which it won't be if you don't install the > userland tools). As you've found, that isn't entirely correct. Let me clear a potential misunderstanding: - It *is* correct that the

Bug#880441: linux-image-4.13.0-1-amd64: silently enabled AppArmor breaks other programs

On Sun, 2017-11-05 at 12:21 +0100, intrigeri wrote: > Hi, > > Ben Hutchings: > > My understanding was that enabling AppArmor shouldn't do very much > > until a policy is loaded (which it won't be if you don't install the > > userland tools). As you've found, that isn't entirely correct. > > Let

Bug#880441: linux-image-4.13.0-1-amd64: silently enabled AppArmor breaks other programs

Ben Hutchings: > Yes, I now understand this. I'll add a Recommends: apparmor for the > next upload so this broken configuration is less likely to occur. Thanks! Cheers, -- intrigeri