On 9/9/18, Gus <qty@xxxxxxxxxx> wrote: > Linux-hardened doesn't support hibernation and i think it's overkill to > use it on desktop. Not arguing in anyway for or against AppArmor, just another data point regarding linux-hardened 4.17 and 4.18: I tried linux-hardened on two Intel machines, and it was less stable than "linux". Some of the changes are probably invasive/destabilising, which makes sense seeing how slowly and carefully the mitigations are traveling via Kees Cook into Linus' tree. I didn't have stability issues with the old linux-grsec packages, though to be fair those were also way older major releases which may matter.
