|/Contribute /ContributeUpstream /Debug /HowTo /HowToUse /OutReachyRound9 /PackageMaintainers /Progress /Reportbug /Testing /UserStories|
This page tracks progress of adding AppArmor profiles to Debian.
- In progress
- To be done
- Done (for Buster, at least)
- OutreachProgram Round 9
For Buster, we'd like to enable AppArmor by default and improve the workflow for cross-distro collaborative profiles maintenance.
Enabling AppArmor by default?
We are discussing and researching if/how AppArmor should be enabled by default on Debian:
XXX: link to discussion on debian-devel started during ?DebConf17
We could also enable AppArmor directly in the kernel with CONFIG_DEFAULT_SECURITY="apparmor" and CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1
Profiles being worked on
Pending maintainer upload
Pending upload of apparmor-profiles-extra
Wishlist bug filed
See the bugs tagged "new-profile".
bugs.debian.org: Enable push/pull notifications for usertags 776587
To be done
Supported profiles in Ubuntu main => import into apparmor-profiles-extra, unless the respective maintainers want to take it into their package. Maybe start with the high-profile services like Apache, OpenLDAP.
Help get more profiles into good shape, so that they can be integrated upstream or into apparmor-profiles-extra. The Ubuntu security team roadmap tells a bit about their priority, and the current status of profiles under development.
Done (for Buster, at least)
Included in the corresponding package
Note: this list is partial and somewhat outdated, i.e. the actual situation is better
Included in the apparmor-profiles package
Included in the apparmor-profiles-extra package
See the current list of profiles in Git.