Upgrade the Linux kernel to get KPTI
We’ve currently frozen it to 4.13.10-1. It’s likely that security issues are fixed in sid until Tails 3.4.
If we upgrade to Linux 4.14 we may have to pin the AppArmor feature set to an older one (likely 4.13’s) but beware of kernel bugs wrt. feature set pinning, e.g. https://bugs.debian.org/883703.
Feature Branch: feature/14976-linux-4.14+force-all-tests, feature/14976-linux-4.14-devel+force-all-tests