Hi Dave, Cc:ing this to the list again, hope you don't mind.
Dave Turner writes: > On 29/11/17 11:07, Olaf Meeuwissen wrote: >> Hi Dave, >> >> Dave Turner writes: >> >>> On 27/11/17 21:58, Rowland Penny wrote: >>>> Hi, a guy has just asked a question on the samba mailing list about >>>> apparmor and Samba, it seems that last week, apparmor became a >>>> dependency for the kernel on Buster, because of systemd. >>>> >>>> Can I take it this dependency will be removed in Beowulf ? >>> What debian gets up to on 'testing' = Buster and 'unstable' = sid can be >>> interesting at times. >>> >>> If that dependency on apparmor is now in Buster I would expect it to be >>> in sid having proved itself as a 'good thing'. >> Not necessarily. Moving from unstable to testing merely means that >> nobody using unstable was annoyed enough by any breakage to file a >> sufficiently severe bug report against the package within the grace >> period (ten days for packages with urgency=low, IIRC). >> >>> Having just checked my sid install there are no signs of apparmor being >>> a dependency for the kernel or for Samba. >> As Adam mentioned, its a Recommends: of the kernel but you may be left >> with a non-booting machine unless you pass an `apparmor=0` to the kernel >> at boot time. > Olaf, > > In which file would I find the line 'apparmor=0' ? > > I did a 'sudo grep -R apparmor' in /bin and /boot and /etc and /sbin. > apparmor is definitely in quite a few places but that line never showed up! That is exactly the problem. It is something *you* have to add if you decide to remove apparmor. You *can* add it interactively at the boot prompt every time you boot, but it would be much better for your sanity to add it in /etc/default/grub (to the GRUB_CMDLINE_LINUX variable) and run `sudo update-grub` to persist that in /boot/grub/grub.cfg. # In principle, the apparmor package's postrm could do this for you (but # it is probably not trivial to get right in all situations). > Interestingly 'sudo grep -R apparmor' run from / crashed my laptop! If you want to grep / recursively, there is no point in deferencing symlinks as you'll get to process where they point to anyway ;-) A -r should suffice. That said, you probably do *not* want to grep your virtual file systems, devices, sockets and all of memory. So you'd be better of doing something like sudo grep -r -D skip apparmor $(ls / | sed '/dev/d; /proc/d; /run/d; \ /sys/d; /tmp/d') Feel free to adjust the sed expression to your systems idiosyncracies but this should cover the most common cases. You might want to add /media and /mnt as these are normally used for temporary content. Hope this helps, -- Olaf Meeuwissen, LPIC-2 FSF Associate Member since 2004-01-27 GnuPG key: F84A2DD9/B3C0 2F47 EA19 64F4 9F13 F43E B8A4 A88A F84A 2DD9 Support Free Software https://my.fsf.org/donate Join the Free Software Foundation https://my.fsf.org/join _______________________________________________ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng