Re: [arch-general] AppArmor support

> > From: Carsten Mattner > Sent: Mon Sep 10 20:07:23 CEST 2018 > To: Geo Kozey , General Discussion about Arch Linux > > Cc: Levente Polyak > Subject: Re: [arch-general] AppArmor support > > > On 9/10/18, Geo Kozey via arch-general wrote: > > > Of c

Re: [arch-general] AppArmor support

Am 10.09.18 um 20:06 schrieb Levente Polyak via arch-general: > Sure, and thanks for doing so! Fair enough, at least if you are > bisecting/debugging... but then you are recompiling multiple times > anyway and nobody wants to and nothing stops you from keeping > CONFIG_PANIC_ON_OOPS off while doing

Re: [arch-general] AppArmor support

On 9/10/18, Geo Kozey via arch-general wrote: > Of course I don't report issues with linux-hardened patch itself upstream. Correct me if I'm wrong, but does that mean you first try to repro with vanilla and fall back to reporting to -hardened if it's not present in Linus' tree?

Re: [arch-general] AppArmor support

On 9/10/18 7:31 PM, Geo Kozey wrote: >> >> From: Levente Polyak >> Sent: Mon Sep 10 18:42:14 CEST 2018 >> To: Geo Kozey >> Cc: General Discussion about Arch Linux >> Subject: Re: [arch-general] AppArmor support >> >> I think you are totally missing the po

Re: [arch-general] AppArmor support

> > From: Levente Polyak > Sent: Mon Sep 10 18:42:14 CEST 2018 > To: Geo Kozey > Cc: General Discussion about Arch Linux > Subject: Re: [arch-general] AppArmor support > > I think you are totally missing the point, everyone can happily debug, > bisect an

Re: [arch-general] AppArmor support

On 9/10/18 5:58 PM, Geo Kozey wrote: > I think you may consider disabling CONFIG_PANIC_ON_OOPS in linux-hardened > default config. Preventing users from being able to debug and report their > issues upstream or even discouraging them from using linux-hardend at all is > quite a big cost of it. Aski

Re: [arch-general] AppArmor support

> > From: Levente Polyak via arch-general > Sent: Mon Sep 10 14:09:06 CEST 2018 > To: General Discussion about Arch Linux > Cc: Levente Polyak > Subject: Re: [arch-general] AppArmor support > > > Nice to hear that you do or at least did, bear with me fo

Re: [arch-general] AppArmor support

On 9/10/18, Levente Polyak via arch-general wrote: > On 9/10/18 1:43 PM, Carsten Mattner wrote: >> On 9/10/18, Levente Polyak via arch-general >> wrote: >>> Just a crazy idea but how about contributing back instead of just >>> complaining? People on the bug tracker always help guiding how to repo

Re: [arch-general] AppArmor support

On 9/10/18 1:43 PM, Carsten Mattner wrote: > On 9/10/18, Levente Polyak via arch-general > wrote: >> Just a crazy idea but how about contributing back instead of just >> complaining? People on the bug tracker always help guiding how to report >> upstream or finding relevant commits. Yeah, i know

Re: [arch-general] AppArmor support

On 9/10/18, Levente Polyak via arch-general wrote: > It is quite definitively equally stable as vanilla linux is, there is no > crazy overly invasive stuff in hardened that would justify claiming > otherwise. That hasn't been my experience, and I'm happy to hear I might be an outlier. I am grate

Re: [arch-general] AppArmor support

On 9/9/18 10:26 PM, Carsten Mattner via arch-general wrote: > On 9/9/18, Gus wrote: >> Linux-hardened doesn't support hibernation and i think it's overkill to >> use it on desktop. > > Not arguing in anyway for or against AppArmor, just another > data point regarding linux-hardened 4.17 and 4.18: