Hi there,

I've been using AppArmor using SYSLINUX according to the wiki:
https://wiki.alpinelinux.org/wiki/AppArmor#With_SYSLINUX

However, /boot/extlinux.conf gets overwritten every time the kernel updates,
meaning I have to manually repeat the steps of the wiki article in order for
AppArmor to remain enabled after a kernel update.

Does anyone have suggestions on the best way to keep AppArmor enabled even with
kernel updates?

Thanks.

-- 
All emails from me will be signed with the key 8FB4 18CD 9520 22E5 BBC4 3261
3F25 7B68 F5BC 9339. You can download the public key at
https://revsuine.xyz/keys/openpgp_8FB418CD952022E5BBC432613F257B68F5BC9339.asc,
or if your mail client supports autocrypt, you can retrieve my public key from
the autocrypt header of this email.

> Hi there,
>
> I've been using AppArmor using SYSLINUX according to the wiki:
> https://wiki.alpinelinux.org/wiki/AppArmor#With_SYSLINUX
>
> However, /boot/extlinux.conf gets overwritten every time the kernel updates,
> meaning I have to manually repeat the steps of the wiki article in order for
> AppArmor to remain enabled after a kernel update.
>
> Does anyone have suggestions on the best way to keep AppArmor enabled even with
> kernel updates?

When using the update trigger you need to edit 'default_kernel_opts' in
/etc/update-extlinux.conf to something like this:

default_kernel_opts="quiet lsm=landlock,yama,apparmor"

> Thanks.