Move Outreachy log to a dedicated page.
|Deletions are marked like this.||Additions are marked like this.|
|Line 54:||Line 54:|
|/Contribute /ContributeUpstream /Debug /HowTo /HowToUse /OutReachyRound9 /PackageMaintainers /Progress /Reportbug /Testing /UserStories|
This page tracks progress of adding AppArmor profiles to Debian.
- In progress
- To be done
- Done (for Buster, at least)
- OutreachProgram Round 9
For Stretch, we'd like more enforced profiles; specifically (in decreasing order of priority):
- some of the Usual Suspects™ on the Desktop, e.g. isc-dhcp-client, Pidgin;
- some software that is particularly important in the context of Tails and other privacy-sensitive contexts: Tor;
some low-hanging fruits from Ubuntu's Supported profiles in main list: apache2, libvirt, ntp...
The general workflow wrt. profiles is to find existing profiles, test them in the context of Debian sid, adapt them if needed, and either include them into apparmor-profiles-extra, or propose them to Debian package maintainers.
At some point, it would be great to share the profiles maintenance e.g. with Ubuntu.
Profiles being worked on
Pending maintainer upload
Pending upload of apparmor-profiles-extra
Wishlist bug filed
See the bugs tagged "new-profile".
bugs.debian.org: Enable push/pull notifications for usertags 776587
To be done
Supported profiles in Ubuntu main => import into apparmor-profiles-extra, unless the respective maintainers want to take it into their package. Maybe start with the high-profile services like Apache, OpenLDAP.
Help get more profiles into good shape, so that they can be integrated upstream or into apparmor-profiles-extra. The Ubuntu security team roadmap tells a bit about their priority, and the current status of profiles under development.
Done (for Buster, at least)
Included in the corresponding package
Note: this list is partial and somewhat outdated, i.e. the actual situation is better
Included in the apparmor-profiles package
Included in the apparmor-profiles-extra package
See the current list of profiles in Git.