[pkg-apparmor] Bug#843461: apparmor: Support usrmerge

intrigeri intrigeri at debian.org
Sat Dec 3 20:16:42 UTC 2016 

Hi,

intrigeri:
> I've started with the policy included in the upstream AppArmor main
> bzr repo:
> https://code.launchpad.net/~intrigeri/apparmor/usrmerge/+merge/312409

I'm now running sid + usrmerge + the content of this merge request on
my main system. So far, so good!

> I'll now go on with:

> 1. the AppArmor profiles Git repo

Ready for review:
https://code.launchpad.net/~intrigeri/apparmor-profiles/+git/apparmor-profiles/+merge/312411

> 2. upstream software repos (at least libvirt)

Sent patch to libvirt upstream:
https://www.redhat.com/archives/libvir-list/2016-December/msg00080.html

> 3. other profiles shipped in Debian

I've now dealt with all those that are installed on my system:

 * apparmor-profiles:
   - usr.bin.chromium-browser: it's been broken in Debian for many
     years, and nobody bothered enough to upstream it in a way that
     makes it work cross-distro, so I'll simply drop this profile in
     the next upload.
 * apparmor-profiles-extra
   - usr.bin.irssi, usr.bin.pidgin, usr.sbin.apt-cacher-ng: fixed in
     my merge request against the AppArmor profiles repo; I'd rather
     not carry a delta in Debian, so I'll wait a bit for comments on
     my branch.
   - usr.sbin.tcpdump: we import this from Ubuntu, so I've sent them
     a patch
     (https://bugs.launchpad.net/ubuntu/+source/tcpdump/+bug/1647188)
 * cups-daemon: patch sent (Debian#846868); Ubuntu carries no delta
   against CUPS anymore so this will flow there for free
 * evince: patch submitted (Debian#846966); nowadays Ubuntu merges the
   Debian packaging regularly, so it should flow there at some point
 * icedove: fix included in my merge request against the AppArmor
   profiles repo
 * telepathy-mission-control-5: patch submitted (Debian#847065); same
   as evince, will flow to Ubuntu at some point
 * torbrowser-launcher: sent pull request upstream
   (https://github.com/micahflee/torbrowser-launcher/pull/256)

I'm running a production sid system with usrmerge, and most of these
patches applied.

Anyone wants to monitor those and ping the various maintainers
in ca. 1 month?

Any other profile we should care about?

Cheers,
-- 
intrigeri

More information about the pkg-apparmor-team mailing list