[arch-general] AppArmor support

Levente Polyak anthraxx at archlinux.org
Mon Sep 10 16:42:14 UTC 2018


On 9/10/18 5:58 PM, Geo Kozey wrote:
> I think you may consider disabling CONFIG_PANIC_ON_OOPS in linux-hardened
> default config. Preventing users from being able to debug and report their
> issues upstream or even discouraging them from using linux-hardened at all is
> quite a big cost of it. Asking users to recompile their kernels every time they want
> to investigate their issues is also a little too much.
> 
> There is "oops=panic" cmdline which everyone can use and which is much more
> flexible to switch between debug/non-debug mode than recompiling. I don't think
> adding something to cmdline is beyond capabilities of Arch users, especially if
> they're interested in security. 
> 
> Yours sincerely
> 
> G. K.
> 


I think you are totally missing the point; everyone can happily debug,
bisect and get proper crash information. The problem is reporting
upstream, which won't be accepted if you use anything but a vanilla
kernel (which hardened isn't as it provides custom patches).

If you want to approach upstream then reproducing the same thing on the
vanilla kernel is the only option you have, otherwise it will be rejected.

cheers,
Levente
