intrigeri: Hi,
Overall, this sounds like an interesting proposal and personally, I agree that I think the Debian Linux ports would be better off with an LSM enabled by default. > What's the cost for Debian users? > --------------------------------- > > AppArmor unavoidably breaks functionality from time to time: e.g. > new versions of software we package (or of their dependencies) > regularly start needing access to new file locations. s/AppArmor/Any LSM/ Can we integrate these LSM policies into our testing frameworks (e.g. autopkgtests), so we can start having automated tests of even basic functionality. Or will that happen "out of the box" if we enable it by default (and, possibly, enable it on our test hosts)? Thanks, ~Niels
