On Wed, Nov 29, 2017 at 12:03:08AM +0100, Marco d'Itri wrote:
On Nov 28, Christoph Hellwig wrote:
It's just a bad idea of a security model that implements ad-hoc
and mostly path based restrictions instead of an actually verified
security model. Using that by default makes it much harder to act
On Nov 28, Christoph Hellwig wrote:
> It's just a bad idea of a security model that implements ad-hoc
> and mostly path based restrictions instead of an actually verified
> security model. Using that by default makes it much harder to actually
> use a real MAC based security model, which not onl
On Thu, Nov 23, 2017 at 03:43:10PM +0100, Lars Wirzenius wrote:
>
> do you think you could manage to either point the general -devel
> reading population to a discussion of why using AppArmor by default is
> horrible news, or write that yourself? That would seem to be more
> constructive than you
maximilian attems writes ("Re: recommends for apparmor in newest
linux-image-4.13"):
> On Thu, Nov 23, 2017 at 03:00:49PM +0100, Wouter Verhelst wrote:
> > [1] https://lists.debian.org/debian-devel/2017/08/msg00090.html
> > [2] https://lists.debian.org/debian-devel/2
On Thu, Nov 23, 2017 at 03:00:49PM +0100, Wouter Verhelst wrote:
> On Thu, Nov 23, 2017 at 02:18:46PM +0100, Christoph Hellwig wrote:
> > Hi all,
> >
> > is there any good reason for the recommends of apparmor in the latest
> > linux packages?
>
> This is in response to a discussion that happened
On Thu, Nov 23, 2017 at 03:01:09PM +0100, Christoph Hellwig wrote:
> That's still not an upstream default lsm. Looks like someone in
> Debian just decided to make apparmor the default, which is horrible
> news :(
Hello, Christoph,
do you think you could manage to either point the general -devel
On Thu, Nov 23, 2017 at 01:59:44PM +, Ben Hutchings wrote:
> On Thu, 2017-11-23 at 14:58 +0100, Christoph Hellwig wrote:
> > On Thu, Nov 23, 2017 at 01:55:49PM +, Ben Hutchings wrote:
> > > AppArmor is the default LSM.
> >
> > There is no such thing as a default LSM in Linux.
>
> $ grep D
On Thu, Nov 23, 2017 at 01:55:49PM +, Ben Hutchings wrote:
> AppArmor is the default LSM.
There is no such thing as a default LSM in Linux.
> > The changelog suggests it was done that systemd units might use it,
> > but in that case those systemd units should depend on apparmor.
>
> They don
On Thu, Nov 23, 2017 at 02:18:46PM +0100, Christoph Hellwig wrote:
> Hi all,
>
> is there any good reason for the recommends of apparmor in the latest
> linux packages?
This is in response to a discussion that happened on this list. The
thread started in august last year[1], but really picked up
On Thu, 2017-11-23 at 14:58 +0100, Christoph Hellwig wrote:
> On Thu, Nov 23, 2017 at 01:55:49PM +, Ben Hutchings wrote:
> > AppArmor is the default LSM.
>
> There is no such thing as a default LSM in Linux.
$ grep DEFAULT_SECURITY /boot/config-4.13.0-1-amd64
# CONFIG_DEFAULT_SECURITY_SELINU
On Thu, 2017-11-23 at 14:18 +0100, Christoph Hellwig wrote:
> Hi all,
>
> is there any good reason for the recommends of apparmor in the latest
> linux packages? apparomor is just one of many security modules, and
> a fairly bogus one to start with. The kernel should not recommend it
> as it doe
Hi all,
is there any good reason for the recommends of apparmor in the latest
linux packages? apparomor is just one of many security modules, and
a fairly bogus one to start with. The kernel should not recommend it
as it doesn't add at all to the expected kernel functionality.
The changelog sug
12 matches
Mail list logo