[arch-general] AppArmor support
Levente Polyak
anthraxx at archlinux.org
Mon Sep 10 18:06:33 UTC 2018
On 9/10/18 7:31 PM, Geo Kozey wrote:
>> ----------------------------------------
>> From: Levente Polyak <anthraxx at archlinux.org>
>> Sent: Mon Sep 10 18:42:14 CEST 2018
>> To: Geo Kozey <geokozey at mailfence.com>
>> Cc: General Discussion about Arch Linux <arch-general at archlinux.org>
>> Subject: Re: [arch-general] AppArmor support
>>
>> I think you are totally missing the point, everyone can happily debug,
>> bisect and get proper crash information. The problem is reporting
>> upstream, which won't be accepted if you use anything but a vanilla
>> kernel (which hardened isn't as it provides custom patches).
>>
>> If you want to approach upstream then reproducing the same thing on the
>> vanilla kernel is the only option you have, otherwise it will be rejected.
>>
>> cheers,
>> Levente
>>
>
> Nope. Not everyone can happily debug and bisect if every bug causes panic
> and forced reboot of their machine.
>
> As a person who reported dozen of bugs (mostly upstream specific but some
> of them can be found only with linux-hardened - all of them fixed) and who
> tests every rc kernel with linux-hardened patch and several others patches on
> top of it, I can tell you that none valid report will be rejected. Of course I don't
> report issues with linux-hardened patch itself upstream.
>
> I have to admit that if I haven't disabled myself CONFIG_PANIC_ON_OOPS I
> would give up long time ago.
>
Sure, and thanks for doing so! Fair enough, at least if you are
bisecting/debugging... but then you are recompiling multiple times
anyway and nobody wants to and nothing stops you from keeping
CONFIG_PANIC_ON_OOPS off while doing so.
However, that's not the average use case and that doesn't mean it must
be off for everyone, it will remain "better safe then sorry" by default
for the reasons i pointed out.
cheers,
Levente
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/arch-general/attachments/20180910/16f1b57c/attachment.asc>
More information about the arch-general
mailing list