FS#56638 - [linux-hardened] Could AppArmor support be enabled in config?
Attached to Project:
Arch Linux
Opened by Francois (francoism90) - Friday, 08 December 2017, 17:58 GMT
Last edited by Levente Polyak (anthraxx) - Thursday, 05 July 2018, 21:59 GMT
Opened by Francois (francoism90) - Friday, 08 December 2017, 17:58 GMT
Last edited by Levente Polyak (anthraxx) - Thursday, 05 July 2018, 21:59 GMT
|
Details
Description:
Since AppArmor seem to be supported again by the kernel, and SELinux is enabled by default in config - could we please also enable AppArmor? Additional info: * linux-hardened 4.14.3.a-1 Steps to reproduce: - Cat config, not enabled. |
This task depends upon
Closed by Levente Polyak (anthraxx)
Thursday, 05 July 2018, 21:59 GMT
Reason for closing: Implemented
Additional comments about closing: 4.17.4.a-1
Thursday, 05 July 2018, 21:59 GMT
Reason for closing: Implemented
Additional comments about closing: 4.17.4.a-1
However there is a AUR package with apparmor enabled, you just have to compile it yourself: https://aur.archlinux.org/packages/linux-hardened-apparmor/
I do hope someone takes up the task of prebuilding the package for others like me.
CONFIG_SECURITY_APPARMOR=y
CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1
CONFIG_DEFAULT_SECURITY_APPARMOR=y
Yeah, I could add an own patch, but I rather would have a compiled kernel.
It is entirely possible anthraxx will approve this request.
CONFIG_SECURITY_APPARMOR=y
CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=0
# CONFIG_DEFAULT_SECURITY_APPARMOR is not set
https://github.com/anthraxx/arch-pkgbuilds/pull/14#issuecomment-385815899