Differences between revisions 167 and 168
Revision 167 as of 2017-10-26 14:40:41
Size: 3238
Editor: ?IntRigeri
Comment: "Enabling AppArmor by default?": update status & pointers.
Revision 168 as of 2018-01-18 13:40:07
Size: 3142
Editor: ?IntRigeri
Comment: Done.
Deletions are marked like this. Additions are marked like this.
Line 31: Line 31:
 * Reportbug should say if AppArmor (or any other LSM) is activated, filed as DebianBug:773346


This page tracks progress of adding AppArmor profiles to Debian.

Goals

For Buster, we'd like to enable AppArmor by default and improve the workflow for cross-distro collaborative profiles maintenance.

In progress

Enabling AppArmor by default?

We are discussing and researching if/how AppArmor should be enabled by default on Debian:

  • a discussion was started on debian-devel during ?DebConf17

  • for our short/mid-term options, see 879590

  • for a more far-fetched long-term option, see 702030: a GRUB-based approach that has value even if AppArmor is not enabled default, and also could be a way to enable it by default at least on new installations

Profiles being worked on

Pending maintainer upload

Pending upload of apparmor-profiles-extra

Wishlist bug filed

To be done

Done (for Buster, at least)

Included in the corresponding package

Note: this list is partial and somewhat outdated, i.e. the actual situation is better :)

Included in the apparmor-profiles package

The Community supported profiles are included in the apparmor-profiles package in complain mode.

Included in the apparmor-profiles-extra package

See the current list of profiles in Git.

OutreachProgram Round 9

See AppArmor/OutReachyRound9.