So here I am, back to Devuan, (I tried it a couple of times in the past), using the regular 'live' version installed to disk.

Seems to be working well, but haven't looked below the surface, so to speak, (& I'm not so sure I can be bothered messing with altering things on distros any more).

I just needed to find a decent replacement for my previous distro.

Evidently that's not the vision of those who are in a position to run the Debian show and decide the hows, why's and whens.

I'm glad to see we're more than one.

But I'm afraid the dice have already been rolled.
And the result was not in our favour.

Hence the very existence of Devuan.

Best,

A.

If the devs want to have a version for servers, that's fine by me, but please don't foist these things onto ordinary desktop users the likes of me, as I have no idea about them, & don't want them.

I just want a good working distro to do my daily tasks, thankyou.

Exactly my point.

I could not care less about what it is called.

It is being made part of the kernel just because some DH decided it should be.
Why? On the basis of what?

Next thing you know you'll have to set it up/configure if you want the kernel to work.
eg: no apparmor/tomoyo/SELinux? No WAN/LAN.

This has all the colourings of one of Poettering's diktats.
Like this other one:

https://dev1galaxy.org/viewtopic.php?id=4136

Bad, bad, bad ...

A.

You were quite right, I stand corrected.

In spite of what wiki.archlinux says, adding security=none disables tomoyo as there are no entries for it in dmesg, kern.log or syslog.

Edit: security=none not only disables tomoyo, it also makes apparmor=0 unneccesary. 8^D

Thanks for the heads up.  8^)
Best,

A.

Indeed ...

Hmm ...
Maybe it's yet another one of Poettering's brillant ideas?

I was wondering about that.
A bit for disabling apparmor but none for disabling tomoyo?

I think not:
https://wiki.archlinux.org/title/TOMOYO_Linux#

I'll try it out and report.

-------> I_don't_like_this.  8^|

If and when I want/need to install a Mandatory Access Control scheme for my rig's security, I'll just apt install the required modules and configure.
Why do I have to have the kernel looking to run something that is not there?

Thanks for your input.

Best,

A.

What is all this about?
Is it just me or am I seeing far too many (unrequired) Mandatory Access Control instances in the Linux kernel?

I would call it Way Too Many.

tomoyo-tools seems to be to be upstreamed from http://tomoyo.osdn.jp/ (and why that is enabled in debian's standard linux-image is unkown to me). Apparently adding security=none to the boot command should disable this one.

My 4.19 Devuan Beowulf, unlike ascii which had it disabled by default, set up apparmor as if I had actually asked for it.

I let it stay on and after reading around a bit, decided that it was not worth keeping around.
So I uninstalled it and added apparmor=0 to my kernel command line so it would not be asking for it.

Fast forward to my upgrading the installation to the 5.10 kernel:

groucho@devuan:~$ uname -a
Linux devuan 5.10.0-0.bpo.3-amd64 #1 SMP Debian 5.10.13-1~bpo10+1 (2021-02-11) x86_64 GNU/Linux
groucho@devuan:~$ 

The 5.10 kernel also recommends apparmor:

groucho@devuan:~$ aptitude why apparmor
i   linux-image-5.10.0-0.bpo.3-amd64 Recommends apparmor
groucho@devuan:~$ 

So it does as the upgrade from ascii to Beowulf did and installs apparmor.

Now ...
Seeing that my kernel command line had the apparmor=0 bit, you'd think that it would leave it alone and skip installing apparmor.
After all, it left the rest of the command line stanzas as they were.

But no ...
Not only did it install apparmor but it also removed the apparmor=0 bit from the kernel command line.

No big deal: I just uninstalled it and returned the kernel command line to what I had set it.

Then while looking for clues as to what goes on in my system when I get a bad shutdown, I found this in dmesg:

In dmesg ie: at boot

[   21.906451] Not activating Mandatory Access Control as /sbin/tomoyo-init does not exist.

Also at shutdown:

In kern.log and syslog:

May 16 13:57:16 devuan kernel: [14429.313238] Not activating Mandatory Access Control as /sbin/tomoyo-init does not exist.

I had to look it up as I had no idea as to what tomoyo was, let alone of its existence.

What is all this about?
Is it just me or am I seeing far too many (unrequired) Mandatory Access Control instances in the Linux kernel?

Cheers,

A.