Hello:
On 23 Feb 2026 at 10:27, Kevin Chadwick via Dng wrote:
>... developer and application is best placed to decide how to restrict itself.
On a similar note and paraphrasing: the *owner* of the hardware
running Linux is the one best placed to *decide* what and how to
restrict any applications running on their box.
More so when it is a bloody desktop.
I *do not* appreciate that my Linux (Devuan) installation runs EVM,
SELinux, AppArmor and whatever other "security" application the
packager (or whoever decides) fancies without my knowledge, approval
or possibility of effectively opting out.
Nor that you have to jump through multiple rings to disable all that
crap, something that should be easily done at install time.
And even then, EVM still gets initialised and SELinux and AppArmor
still do not report as being disabled.
[code]
$ sudo dmesg | grep evm
[ 3.537971] evm: Initialising EVM extended attributes:
[ 3.538157] evm: security.selinux
[ 3.538277] evm: security.SMACK64 (disabled)
[ 3.538437] evm: security.SMACK64EXEC (disabled)
[ 3.538623] evm: security.SMACK64TRANSMUTE (disabled)
[ 3.538805] evm: security.SMACK64MMAP (disabled)
[ 3.538972] evm: security.apparmor
[ 3.539095] evm: security.ima
[ 3.539202] evm: security.capability
[ 3.539331] evm: HMAC attrs: 0x1
$
[/code]
> ... an easily broken false sense of security otherwise.
Undoubtedly so.
Just my $0.02.
Best,
A.