Differences between revisions 1 and 66 (spanning 65 versions)
Revision 1 as of 2013-04-05 15:27:11
Size: 1942
Editor: ?IntRigeri
Comment: Import content from the main AppArmor page.
Revision 66 as of 2020-02-01 12:05:52
Size: 3110
Editor: nodiscc
Comment: remove siblings macro, link to main apparmor page
Deletions are marked like this. Additions are marked like this.
Line 1: Line 1:
#language en

<<TableOfContents>>

----

This page explains how to contribute to '''AppArmor''' in Debian.

== Infrastructure ==

 * [[https://salsa.debian.org/apparmor-team/|Salsa project]]
 * [[https://alioth.debian.org/scm/browser.php?group_id=100952| Git repository for UDD usertag script]]
 * [[https://udd.debian.org/bugs.cgi?release=sid&merged=ign&fnewerval=7&flastmodval=7&apparmor=1&sortby=id&sorto=asc|Bugs in the packages we maintain]]

<<Anchor(contactteam)>>
== Interacting with the team ==

 * '''Email''': pkg-apparmor-team@lists.alioth.debian.org (see https://lists.alioth.debian.org/mailman/listinfo/pkg-apparmor-team for mailing list archives)
 * '''IRC''': ''#apparmor'' on irc.oftc.net (general AppArmor discussion channel)
Line 3: Line 23:
 * Debian Wheezy supports AppArmor.
 * Some of us test a few AppArmor profiles, mainly grabbed from Ubuntu.
 * Patches to add profiles to Debian packages are being filed: [[http://bugs.debian.org/cgi-bin/pkgreport.cgi?tag=new-profile;users=apparmor@packages.debian.org|Bugs tagged with "new-profile" (used for adding profiles to packages)]].
 * AppArmor is supported since Debian 7 (Wheezy).
 * See the [[AppArmor/Progress|progress tracking page]].
Line 7: Line 26:
== Next goals == == How to participate ==
Line 9: Line 28:
For Jessie, we'd like AppArmor enabled by default and more enforced profiles; specifically
(in decreasing order of priority):
=== Ship an AppArmor profile in "your" package ===
Line 12: Line 30:
 1. some of the Usual Suspects™ on the Desktop: evince, iceweasel, isc-dhcp-client, pidgin;
 2. some software that is particularly important in the context of Tails and other privacy-sensitive contexts: Tor, Vidalia;
 3. some low-hanging fruits from Ubuntu's [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/AppArmorProfiles|Supported profiles in main]] list: apache2, libvirt, ntp...
 * [[AppArmor/Contribute/FirstTimeProfileImport | Import a profile to a package for the first time]], that is learn how to package using `dh_apparmor`
 * To create a completely new profile, see the [[AppArmor/Contribute#Create_new_profiles | "Create new profiles" section]].
 * [[AppArmor/Debug | Debug and test]]
Line 16: Line 34:
The general workflow wrt. profiles is to find existing profiles, test them in the context of Debian sid, adapt them if needed, and propose them to Debian package maintainers. === Improve quality of AppArmor profiles ===
Line 18: Line 36:
At some point, it would be great to share the profiles maintenance e.g. with Ubuntu. ==== Use AppArmor ====
Line 20: Line 38:
== How to help == [[AppArmor/HowToUse|Enable AppArmor]], enforce a bunch of profiles, [[AppArmor/Debug | test]] and [[AppArmor/Reportbug | report bugs]] and/or happiness.
Line 22: Line 40:
 * '''Test''': [[AppArmor/HowTo|enable AppArmor]], enforce a bunch of profiles, report bugs and/or happiness.
 * '''Fix bugs''' tagged "new-profile".
 * '''Fix bugs''' in the apparmor source package.
 * '''Import''' profiles from Ubuntu: get the latest version, test, prepare Debian patch, file bug tagged "new-profile".
 * '''Documentation''': write documentation about the user side of things.
 * '''Convince''' Ubuntu to upstream their AppArmor profiles to Debian.
Line 29: Line 41:
== Contact Information == ==== Create new profiles ====
Line 31: Line 43:
We have no mailing-list yet, but once you and others tell us you want to join the dance, it may be worth creating one;
in the meantime:
We want to keep our delta with upstream as low as possible. If you want to submit a new profile, this [[AppArmor/Contribute/Upstream|should be done upstream first]].
Line 34: Line 45:
 * intrigeri (intrigeri@debian.org)
 * AppArmor maintainers (apparmor@packages.debian.org)
 * The AppArmor parser ''silently'' ignores rules that are not supported by the running kernel. To check which rules are actually enforced, pass the `--warn=rules-not-enforced --warn=rule-downgraded` options to `apparmor_parser`.
 * [[AppArmor#External_links|Learn more]]

==== Import Upstream changes to Debian ====

[[AppArmor/Contribute/MergeProfileFromUpstream | Update profiles shipped in apparmor-profiles-extra to the latest upstream version]]


=== Debug, report triage and fix bugs ===

 * [[AppArmor/Debug | Debug AppArmor profiles]]
 * [[AppArmor/Reportbug | Report and triage bugs]] and/or happiness
 * '''Fix bugs''' in [[https://udd.debian.org/bugs.cgi?release=sid&merged=ign&fnewerval=7&flastmodval=7&apparmor=1&sortby=id&sorto=asc|the packages we maintain]]
 * '''Fix bugs''' in the DebianPts:apparmor package
 * '''Fix usertagged''' [[https://udd.debian.org/cgi-bin/bts-usertags.cgi?user=pkg-apparmor-team@lists.alioth.debian.org|bugs]]

=== Miscellaneous ===

 * '''Organize''' by keeping the [[AppArmor/Progress|progress tracking page]] up-to-date
 * '''Documentation''': improve the [[AppArmor/HowToUse|documentation about the user side of things]]

== Tools ==

In order to organize the Debian Wiki documentation about !AppArmor, we have set up a set of [[AppArmor/UserStories | user stories]].

----

CategorySystemSecurity


This page explains how to contribute to AppArmor in Debian.

Infrastructure

Interacting with the team

Current status

How to participate

Ship an AppArmor profile in "your" package

Improve quality of AppArmor profiles

Use AppArmor

Enable AppArmor, enforce a bunch of profiles, test and report bugs and/or happiness.

Create new profiles

We want to keep our delta with upstream as low as possible. If you want to submit a new profile, this should be done upstream first.

  • The AppArmor parser silently ignores rules that are not supported by the running kernel. To check which rules are actually enforced, pass the --warn=rules-not-enforced --warn=rule-downgraded options to apparmor_parser.

  • Learn more

Import Upstream changes to Debian

Update profiles shipped in apparmor-profiles-extra to the latest upstream version

Debug, report triage and fix bugs

Miscellaneous

Tools

In order to organize the Debian Wiki documentation about AppArmor, we have set up a set of user stories.


CategorySystemSecurity