This page tracks progress of adding AppArmor profiles to Debian.


For Stretch, we'd like more enforced profiles; specifically (in decreasing order of priority):

  1. some of the Usual Suspects™ on the Desktop: evince, isc-dhcp-client, pidgin;
  2. some software that is particularly important in the context of Tails and other privacy-sensitive contexts: Tor;
  3. some low-hanging fruits from Ubuntu's Supported profiles in main list: apache2, libvirt, ntp...

The general workflow wrt. profiles is to find existing profiles, test them in the context of Debian sid, adapt them if needed, and either include them into apparmor-profiles-extra, or propose them to Debian package maintainers.

At some point, it would be great to share the profiles maintenance e.g. with Ubuntu.

In progress

Profiles being worked on

Pending maintainer upload

Pending upload of apparmor-profiles-extra

Wishlist bug filed

To be done

Done (for Jessie, at least)

Included in the corresponding package

Included in the apparmor-profiles package

The Community supported profiles are included in the apparmor-profiles package in complain mode.

Included in the apparmor-profiles-extra package

OutreachProgram Round 9

During the OutreachProgramForWomen, we will work on improving AppArmor support in Debian. You can follow up on progress here and on the dedicated blog.


Week1 Dec 9th - Dec 15th, 2014

Week2 & 3 Dec 16th - Dec 30th, 2014

Week4 Dec 31st - Jan 06th, 2015

Week5 & 6 Jan 07th - Jan 20th, 2015

Week7 & 8 Jan 21st - Feb 3rd, 2015

Week9 & 10 Feb 4th - Feb 17th, 2015

Week11 - 13 Feb 18th - Mar 9th, 2015

After the internship

OPW Coordination meetings

Meetings take place on and are recorded by MeetBot.