Package: apparmor Version: 2.11.1-2 Severity: normal Feature set pinning was broken since Linux 4.14-rc2 but it'll be repaired in 4.14-rc7. Once our policy is ready enough for Linux 4.14 (#877581) and that kernel is in sid, we can bump the pinned feature set to Linux 4.14's.
This will probably trigger a few bug reports about bits of policy that are not ready for 4.14 yet (and we'll have to track and fix these bugs), but at least we control when this happens i.e. it won't happen as soon as Linux 4.14 reaches sid. I'm not sure if we should go through this before enabling AppArmor by default. On the one hand, I'm afraid of the backlash if the first experience of testing/sid users with AppArmor is "it breaks stuff". OTOH more users => faster bug reports => quicker fixes.
