Debian Wheezy supports AppArmor.
Some of us test a few AppArmor profiles, mainly grabbed from Ubuntu.
Patches to add profiles to Debian packages are being filed: Bugs tagged with "new-profile" (used for adding profiles to packages).
For Jessie, we'd like AppArmor enabled by default and more enforced profiles; specifically (in decreasing order of priority):
- some of the Usual Suspects™ on the Desktop: evince, iceweasel, isc-dhcp-client, pidgin;
- some software that is particularly important in the context of Tails and other privacy-sensitive contexts: Tor, Vidalia;
some low-hanging fruits from Ubuntu's Supported profiles in main list: apache2, libvirt, ntp...
The general workflow wrt. profiles is to find existing profiles, test them in the context of Debian sid, adapt them if needed, and propose them to Debian package maintainers.
At some point, it would be great to share the profiles maintenance e.g. with Ubuntu.
How to help
Test: ?enable AppArmor, enforce a bunch of profiles, report bugs and/or happiness.
Fix bugs tagged "new-profile".
Fix bugs in the apparmor source package.
Import profiles from Ubuntu: get the latest version, test, prepare Debian patch, file bug tagged "new-profile".
Documentation: write documentation about the user side of things.
Convince Ubuntu to upstream their AppArmor profiles to Debian.
We have no mailing-list yet, but once you and others tell us you want to join the dance, it may be worth creating one; in the meantime: