Sarpi4 kernel config: apparmor
by mralk3 from LinuxQuestions.org on (#585GN)
I have been building my own kernels for a few months now so I am a bit out of the "sarpi loop". Do the latest sarpi kernel configs enable apparmor now? With a 'make bcm2711_defconfig', on 5.4.65 from the Raspbian repo, apparmor is indeed available. The only requirement to activate it once booted is adding to cmdline.txt:
Code:lsm=apparmorReferences:
https://github.com/raspberrypi/linux/pull/1698
and defconfig changes:
https://github.com/raspberrypi/linux...fa6a2e713677b8
I ask because the only devices on my network that aren't using apparmor are the router, file server, and git server. All of those devices are on 24/7 running Slackware. It would be amazing to have apparmor support in SlackwareARM by way of sarpi. I use it on all my x86 and x86_64 machines already. It would just be a matter of making accurate apparmor profiles for each device. If you are interested in apparmor, it is available as a SlackBuild on slackbuilds.org
With that said, I understand that AppArmor is not popular outside of Ubuntu, Debian, and other Debian based systems. It wouldn't come as a surprise to me if sarpi disabled these kernel configs. One can only hope! :hattip:
Code:lsm=apparmorReferences:
https://github.com/raspberrypi/linux/pull/1698
and defconfig changes:
https://github.com/raspberrypi/linux...fa6a2e713677b8
I ask because the only devices on my network that aren't using apparmor are the router, file server, and git server. All of those devices are on 24/7 running Slackware. It would be amazing to have apparmor support in SlackwareARM by way of sarpi. I use it on all my x86 and x86_64 machines already. It would just be a matter of making accurate apparmor profiles for each device. If you are interested in apparmor, it is available as a SlackBuild on slackbuilds.org
With that said, I understand that AppArmor is not popular outside of Ubuntu, Debian, and other Debian based systems. It wouldn't come as a surprise to me if sarpi disabled these kernel configs. One can only hope! :hattip: