Dear AppArmor Maintainers,
I have two ideas on how to implement this and might eventually even be
able to submit patches for this.
1) A clean solution, that can be implemented in the grub-common package:
In /etc/grub.d/10_linux it could be attempted to run aa-status and if it
exits 0, the following line
linux ${rel_dirname}/${basename}
root=${linux_root_device_thisversion} ro ${args}
could be extended with
apparmor=1 security=apparmor
i.e. have some $maybe_apparmor before ${args}.
2) A less clean solution that can be implemented in the apparmor package:
Create a script /etc/grub.d/39_apparmor, that searches
/boot/grub/grub.cfg for
menuentry 'Debian GNU/Linux, with Linux *' --class debian
linux /boot/vmlinuz-* root=UUID=* ro
and injects
apparmor=1 security=apparmor
at the end.
Please tell me what you think.
Cheers,
Patrick
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
