Differences between revisions 1 and 2
Revision 1 as of 2013-04-05 15:27:11
Size: 1942
Editor: ?IntRigeri
Comment: Import content from the main AppArmor page.
Revision 2 as of 2014-01-14 16:15:37
Size: 2047
Editor: ?IntRigeri
Comment: Update to match current strategy
Deletions are marked like this. Additions are marked like this.
Line 5: Line 5:
 * An apparmor-profiles-extra package is being prepared.
Line 9: Line 10:
For Jessie, we'd like AppArmor enabled by default and more enforced profiles; specifically For Jessie, we'd like more enforced profiles; specifically
Line 16: Line 17:
The general workflow wrt. profiles is to find existing profiles, test them in the context of Debian sid, adapt them if needed, and propose them to Debian package maintainers. The general workflow wrt. profiles is to find existing profiles, test them in the context of Debian sid, adapt them if needed, and either include them into apparmor-profiles-extra, or propose them to Debian package maintainers.
Line 25: Line 26:
 * '''Import''' profiles from Ubuntu: get the latest version, test, prepare Debian patch, file bug tagged "new-profile".  * '''Import''' profiles from Ubuntu: get the latest version, test, prepare Debian patch against apparmor-profiles-extra, submit patch to the BTS.

Current status

Next goals

For Jessie, we'd like more enforced profiles; specifically (in decreasing order of priority):

  1. some of the Usual Suspects™ on the Desktop: evince, iceweasel, isc-dhcp-client, pidgin;
  2. some software that is particularly important in the context of Tails and other privacy-sensitive contexts: Tor, Vidalia;
  3. some low-hanging fruits from Ubuntu's Supported profiles in main list: apache2, libvirt, ntp...

The general workflow wrt. profiles is to find existing profiles, test them in the context of Debian sid, adapt them if needed, and either include them into apparmor-profiles-extra, or propose them to Debian package maintainers.

At some point, it would be great to share the profiles maintenance e.g. with Ubuntu.

How to help

  • Test: ?enable AppArmor, enforce a bunch of profiles, report bugs and/or happiness.

  • Fix bugs tagged "new-profile".

  • Fix bugs in the apparmor source package.

  • Import profiles from Ubuntu: get the latest version, test, prepare Debian patch against apparmor-profiles-extra, submit patch to the BTS.

  • Documentation: write documentation about the user side of things.

  • Convince Ubuntu to upstream their AppArmor profiles to Debian.

Contact Information

We have no mailing-list yet, but once you and others tell us you want to join the dance, it may be worth creating one; in the meantime: