Import content from the main AppArmor page.
remove siblings macro, link to main apparmor page
|Deletions are marked like this.||Additions are marked like this.|
|Line 1:||Line 1:|
This page explains how to contribute to '''AppArmor''' in Debian.
== Infrastructure ==
* [[https://salsa.debian.org/apparmor-team/|Salsa project]]
* [[https://alioth.debian.org/scm/browser.php?group_id=100952| Git repository for UDD usertag script]]
* [[https://udd.debian.org/bugs.cgi?release=sid&merged=ign&fnewerval=7&flastmodval=7&apparmor=1&sortby=id&sorto=asc|Bugs in the packages we maintain]]
== Interacting with the team ==
* '''Email''': firstname.lastname@example.org (see https://lists.alioth.debian.org/mailman/listinfo/pkg-apparmor-team for mailing list archives)
* '''IRC''': ''#apparmor'' on irc.oftc.net (general AppArmor discussion channel)
|Line 3:||Line 23:|
| * Debian Wheezy supports AppArmor.
* Some of us test a few AppArmor profiles, mainly grabbed from Ubuntu.
* Patches to add profiles to Debian packages are being filed: [[http://bugs.debian.org/cgi-bin/pkgreport.cgi?tag=new-profile;email@example.com|Bugs tagged with "new-profile" (used for adding profiles to packages)]].
| * AppArmor is supported since Debian 7 (Wheezy).
* See the [[AppArmor/Progress|progress tracking page]].
|Line 7:||Line 26:|
|== Next goals ==||== How to participate ==|
|Line 9:||Line 28:|
|For Jessie, we'd like AppArmor enabled by default and more enforced profiles; specifically
(in decreasing order of priority):
|=== Ship an AppArmor profile in "your" package ===|
|Line 12:||Line 30:|
| 1. some of the Usual Suspects™ on the Desktop: evince, iceweasel, isc-dhcp-client, pidgin;
2. some software that is particularly important in the context of Tails and other privacy-sensitive contexts: Tor, Vidalia;
3. some low-hanging fruits from Ubuntu's [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/AppArmorProfiles|Supported profiles in main]] list: apache2, libvirt, ntp...
| * [[AppArmor/Contribute/FirstTimeProfileImport | Import a profile to a package for the first time]], that is learn how to package using `dh_apparmor`
* To create a completely new profile, see the [[AppArmor/Contribute#Create_new_profiles | "Create new profiles" section]].
* [[AppArmor/Debug | Debug and test]]
|Line 16:||Line 34:|
|The general workflow wrt. profiles is to find existing profiles, test them in the context of Debian sid, adapt them if needed, and propose them to Debian package maintainers.||=== Improve quality of AppArmor profiles ===|
|Line 18:||Line 36:|
|At some point, it would be great to share the profiles maintenance e.g. with Ubuntu.||==== Use AppArmor ====|
|Line 20:||Line 38:|
|== How to help ==||[[AppArmor/HowToUse|Enable AppArmor]], enforce a bunch of profiles, [[AppArmor/Debug | test]] and [[AppArmor/Reportbug | report bugs]] and/or happiness.|
|Line 22:||Line 40:|
| * '''Test''': [[AppArmor/HowTo|enable AppArmor]], enforce a bunch of profiles, report bugs and/or happiness.
* '''Fix bugs''' tagged "new-profile".
* '''Fix bugs''' in the apparmor source package.
* '''Import''' profiles from Ubuntu: get the latest version, test, prepare Debian patch, file bug tagged "new-profile".
* '''Documentation''': write documentation about the user side of things.
* '''Convince''' Ubuntu to upstream their AppArmor profiles to Debian.
|Line 29:||Line 41:|
|== Contact Information ==||==== Create new profiles ====|
|Line 31:||Line 43:|
|We have no mailing-list yet, but once you and others tell us you want to join the dance, it may be worth creating one;
in the meantime:
|We want to keep our delta with upstream as low as possible. If you want to submit a new profile, this [[AppArmor/Contribute/Upstream|should be done upstream first]].|
|Line 34:||Line 45:|
| * intrigeri (firstname.lastname@example.org)
* AppArmor maintainers (email@example.com)
| * The AppArmor parser ''silently'' ignores rules that are not supported by the running kernel. To check which rules are actually enforced, pass the `--warn=rules-not-enforced --warn=rule-downgraded` options to `apparmor_parser`.
* [[AppArmor#External_links|Learn more]]
==== Import Upstream changes to Debian ====
[[AppArmor/Contribute/MergeProfileFromUpstream | Update profiles shipped in apparmor-profiles-extra to the latest upstream version]]
=== Debug, report triage and fix bugs ===
* [[AppArmor/Debug | Debug AppArmor profiles]]
* [[AppArmor/Reportbug | Report and triage bugs]] and/or happiness
* '''Fix bugs''' in [[https://udd.debian.org/bugs.cgi?release=sid&merged=ign&fnewerval=7&flastmodval=7&apparmor=1&sortby=id&sorto=asc|the packages we maintain]]
* '''Fix bugs''' in the DebianPts:apparmor package
* '''Fix usertagged''' [[https://firstname.lastname@example.org|bugs]]
=== Miscellaneous ===
* '''Organize''' by keeping the [[AppArmor/Progress|progress tracking page]] up-to-date
* '''Documentation''': improve the [[AppArmor/HowToUse|documentation about the user side of things]]
== Tools ==
In order to organize the Debian Wiki documentation about !AppArmor, we have set up a set of [[AppArmor/UserStories | user stories]].
This page explains how to contribute to AppArmor in Debian.
Interacting with the team
Email: email@example.com (see https://lists.alioth.debian.org/mailman/listinfo/pkg-apparmor-team for mailing list archives)
IRC: #apparmor on irc.oftc.net (general AppArmor discussion channel)
How to participate
Ship an AppArmor profile in "your" package
Import a profile to a package for the first time, that is learn how to package using dh_apparmor
To create a completely new profile, see the "Create new profiles" section.
Improve quality of AppArmor profiles
Create new profiles
We want to keep our delta with upstream as low as possible. If you want to submit a new profile, this should be done upstream first.
The AppArmor parser silently ignores rules that are not supported by the running kernel. To check which rules are actually enforced, pass the --warn=rules-not-enforced --warn=rule-downgraded options to apparmor_parser.
Import Upstream changes to Debian
Debug, report triage and fix bugs
Report and triage bugs and/or happiness
Fix bugs in the packages we maintain
Fix bugs in the apparmor package
Fix usertagged bugs
Organize by keeping the progress tracking page up-to-date
Documentation: improve the documentation about the user side of things
In order to organize the Debian Wiki documentation about AppArmor, we have set up a set of user stories.