Differences between revisions 7 and 8
Revision 7 as of 2012-06-30 03:17:15
Size: 2588
Editor: ?IntRigeri
Comment: Update current status
Revision 8 as of 2012-06-30 03:28:24
Size: 2689
Editor: ?IntRigeri
Comment:
Deletions are marked like this. Additions are marked like this.
Line 23: Line 23:
 * The kernel used to be [[http://bugs.debian.org/661151|half-broken]], then [[http://bugs.debian.org/676515|totally broken]], and now fixed in a way that [[http://bugs.debian.org/679597|requires a userspace patch that does not exist yet]]  * The AppArmor support in the Debian testing/sid kernel used to be non-existant, then [[http://bugs.debian.org/661151|half-broken]] but relatively usable, then [[http://bugs.debian.org/676515|totally broken]], and is now fixed in a way that [[http://bugs.debian.org/679597|requires a userspace patch that does not exist yet]] to be usable.

AppArmor

Description

AppArmor is a Mandatory Access Control framework that Ubuntu has been using for a while.

Current Debian testing (Wheezy) has an AppArmor-enabled kernel.

Some Tails and Debian developers want to see Wheezy released with at least a few working profiles, and specifically (in decreasing order of priority):

  1. some of the Usual Suspects™ on the Desktop: evince, iceweasel, isc-dhcp-client, pidgin;
  2. some software that is particularly important in the context of Tails and other privacy-sensitive contexts: Tor, Vidalia;
  3. some low-hanging fruits from Ubuntu's Supported profiles in main list: apache2, libvirt, ntp...

The general workflow wrt. profiles is to find existing profiles, test them in the context of Debian sid, adapt them if needed, and propose them to Debian package maintainers.

Current status

How to help

  • Test: enable AppArmor, enforce a bunch of profiles on your Debian testing/unstable systems, report bugs: ?testing instructions

  • Fix bugs tagged "new-profile".

  • Fix bugs in the apparmor source package.

  • Import profiles from Ubuntu: get the latest version, test, prepare Debian patch, file bug tagged "new-profile".

  • Documentation: write basic documentation about the user side of things, starting with: how one enables AppArmor and enforces profiles on Debian.

Other Information

Contact Information

We have no mailing-list yet, but once you and others tell us you want to join the dance, it may be worth creating one; in the meantime: