1942
Comment: Import content from the main AppArmor page.
|
3253
add mailing list link
|
Deletions are marked like this. | Additions are marked like this. |
Line 1: | Line 1: |
<<Navigation(siblings,1)>> ---- <<TableOfContents>> This page explains how to contribute to !AppArmor in Debian. == Infrastructure == * [[http://anonscm.debian.org/gitweb/?p=collab-maint/apparmor-profiles-extra.git;a=summary|Git repository for extra profiles]] * [[https://alioth.debian.org/projects/pkg-apparmor/|Alioth project]] * [[https://udd.debian.org/bugs.cgi?release=jessie&merged=ign&fnewerval=7&flastmodval=7&apparmor=1&sortby=id&sorto=asc|Bugs in the packages we maintain]] <<Anchor(contactteam)>> == Interacting with the team == * '''Email''': pkg-apparmor-team@lists.alioth.debian.org (see https://lists.alioth.debian.org/mailman/listinfo/pkg-apparmor-team for mailing list archives) * '''IRC''': ''#apparmor'' on irc.oftc.net (general AppArmor discussion channel) |
|
Line 4: | Line 22: |
* Some of us test a few AppArmor profiles, mainly grabbed from Ubuntu. * Patches to add profiles to Debian packages are being filed: [[http://bugs.debian.org/cgi-bin/pkgreport.cgi?tag=new-profile;users=apparmor@packages.debian.org|Bugs tagged with "new-profile" (used for adding profiles to packages)]]. |
* See the [[AppArmor/Progress|progress tracking page]]. |
Line 7: | Line 24: |
== Next goals == | == How to participate == |
Line 9: | Line 26: |
For Jessie, we'd like AppArmor enabled by default and more enforced profiles; specifically (in decreasing order of priority): |
=== Ship an AppArmor profile in "your" package === * [[AppArmor/Contribute/ImportProfileFromUpstream | Import a profile from upstream]] * [[AppArmor/Contribute/ImportProfileFromExtra | Import a profile from apparmor-profiles-extra]] to the package to the package you maintain * [[AppArmor/Contribute/PackageMaintainers | Learn how to package using dh_apparmor]], ie. if your upstream provides an !AppArmor profile for the packaged software * To create a completely new profile, see section "Create new profiles" on this page. * [[AppArmor/Debug | Debug and test]] |
Line 12: | Line 33: |
1. some of the Usual Suspects™ on the Desktop: evince, iceweasel, isc-dhcp-client, pidgin; 2. some software that is particularly important in the context of Tails and other privacy-sensitive contexts: Tor, Vidalia; 3. some low-hanging fruits from Ubuntu's [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/AppArmorProfiles|Supported profiles in main]] list: apache2, libvirt, ntp... |
=== Improve quality of AppArmor profiles === |
Line 16: | Line 35: |
The general workflow wrt. profiles is to find existing profiles, test them in the context of Debian sid, adapt them if needed, and propose them to Debian package maintainers. | ==== Use AppArmor ==== |
Line 18: | Line 37: |
At some point, it would be great to share the profiles maintenance e.g. with Ubuntu. | [[AppArmor/HowToUse|Enable AppArmor]], enforce a bunch of profiles, [[AppArmor/Debug | test]] and [[AppArmor/Reportbug | report and triage bugs]] and/or happiness. |
Line 20: | Line 39: |
== How to help == | ==== Upstream Debian changes to AppArmor profiles ==== |
Line 22: | Line 41: |
* '''Test''': [[AppArmor/HowTo|enable AppArmor]], enforce a bunch of profiles, report bugs and/or happiness. * '''Fix bugs''' tagged "new-profile". * '''Fix bugs''' in the apparmor source package. * '''Import''' profiles from Ubuntu: get the latest version, test, prepare Debian patch, file bug tagged "new-profile". * '''Documentation''': write documentation about the user side of things. * '''Convince''' Ubuntu to upstream their AppArmor profiles to Debian. |
We want to keep our delta with upstream as low as possible. That is why we encourage you to patch profiles upstream: [[AppArmor/Contribute/Upstream|Contribute to Upstream]]. |
Line 29: | Line 43: |
== Contact Information == | ==== Create new profiles ==== |
Line 31: | Line 45: |
We have no mailing-list yet, but once you and others tell us you want to join the dance, it may be worth creating one; in the meantime: |
We want to keep our delta with upstream as low as possible. If you want to submit a new profile, this should be done upstream first. Create or patch profiles: [[AppArmor/Contribute/Upstream|Contribute to Upstream]]. |
Line 34: | Line 47: |
* intrigeri (intrigeri@debian.org) * AppArmor maintainers (apparmor@packages.debian.org) |
==== Import Upstream changes to Debian ==== [[AppArmor/Contribute/MergeProfileFromUpstream | Update profiles shipped in apparmor-profiles-extra to the latest upstream version]] === Debug, report triage and fix bugs === * [[AppArmor/Debug | Debug AppArmor profiles]] * [[AppArmor/Reportbug | Report and triage bugs]] and/or happiness. * '''Fix bugs''' in [[https://udd.debian.org/bugs.cgi?release=jessie&merged=ign&fnewerval=7&flastmodval=7&apparmor=1&sortby=id&sorto=asc|the packages we maintain]] * '''Fix bugs''' in the DebianPts:apparmor package. * '''Fix usertagged''' [[https://udd.debian.org/cgi-bin/bts-usertags.cgi?user=pkg-apparmor-team@lists.alioth.debian.org|bugs]] === Miscellaneous === * '''Convince''' Ubuntu to upstream their !AppArmor profiles to Debian. * '''Organize''' by keeping the [[AppArmor/Progress|progress tracking page]] up-to-date. * '''Documentation''': improve the [[AppArmor/HowToUse|documentation about the user side of things]]. |
/Contribute /Debug /HowToUse /OutReachyRound9 /Progress /Reportbug /UserStories |
This page explains how to contribute to AppArmor in Debian.
Infrastructure
Interacting with the team
Email: pkg-apparmor-team@lists.alioth.debian.org (see https://lists.alioth.debian.org/mailman/listinfo/pkg-apparmor-team for mailing list archives)
IRC: #apparmor on irc.oftc.net (general AppArmor discussion channel)
Current status
Debian Wheezy supports AppArmor.
See the progress tracking page.
How to participate
Ship an AppArmor profile in "your" package
?Import a profile from upstream
?Import a profile from apparmor-profiles-extra to the package to the package you maintain
?Learn how to package using dh_apparmor, ie. if your upstream provides an AppArmor profile for the packaged software
- To create a completely new profile, see section "Create new profiles" on this page.
Improve quality of AppArmor profiles
Use AppArmor
Enable AppArmor, enforce a bunch of profiles, test and report and triage bugs and/or happiness.
Upstream Debian changes to AppArmor profiles
We want to keep our delta with upstream as low as possible. That is why we encourage you to patch profiles upstream: Contribute to Upstream.
Create new profiles
We want to keep our delta with upstream as low as possible. If you want to submit a new profile, this should be done upstream first. Create or patch profiles: Contribute to Upstream.
Import Upstream changes to Debian
Update profiles shipped in apparmor-profiles-extra to the latest upstream version
Debug, report triage and fix bugs
Report and triage bugs and/or happiness.
Fix bugs in the packages we maintain
Fix bugs in the apparmor package.
Fix usertagged bugs
Miscellaneous
Convince Ubuntu to upstream their AppArmor profiles to Debian.
Organize by keeping the progress tracking page up-to-date.
Documentation: improve the documentation about the user side of things.