On Thu, Nov 23, 2017 at 01:59:44PM +0000, Ben Hutchings wrote: > On Thu, 2017-11-23 at 14:58 +0100, Christoph Hellwig wrote: > > On Thu, Nov 23, 2017 at 01:55:49PM +0000, Ben Hutchings wrote: > > > AppArmor is the default LSM. > > > > There is no such thing as a default LSM in Linux. > > $ grep DEFAULT_SECURITY /boot/config-4.13.0-1-amd64 > # CONFIG_DEFAULT_SECURITY_SELINUX is not set > # CONFIG_DEFAULT_SECURITY_TOMOYO is not set > CONFIG_DEFAULT_SECURITY_APPARMOR=y > # CONFIG_DEFAULT_SECURITY_DAC is not set > CONFIG_DEFAULT_SECURITY="apparmor"
That's still not an upstream default lsm. Looks like someone in Debian just decided to make apparmor the default, which is horrible news :(