[pkg-apparmor] Bug#858174: Re: Bug#858174: Please provide an AppArmor profile for Firefox

intrigeri intrigeri at debian.org
Wed Apr 5 06:08:53 UTC 2017


Hi,

Vincas Dargis:
> 2017.04.04 08:26, intrigeri rašė:

>> Thanks! But it ships disabled (or in complain mode) by default, right?

> Yes it's disabled, and it's from firefox package.

Thanks!

>> OK. So these improvements shall be upstreamed.

>>> Or "fixed" old "profiles/apparmor/profiles/extras/usr.lib.firefox.firefox",
>>> by sending patches upstream?
>>
>> Yes, please. And as written above, this doesn't prevent us from
>> shipping it to /etc/apparmor.d (disabled by default) if it's
>> good enough.

> OK but I am still a little puzzled. If Ubuntu Firefox team
> does not upstream their profile (because it's too Ubuntu-specific?), so it
> kinda maybe means we can't use it as "fix" for old
> "profiles/apparmor/profiles/extras/usr.lib.firefox.firefox" directly, right?

Right, that's why I wrote "So these improvements shall be upstreamed" :)

> So we just take some interesting parts (like Electrolysis a.k.a. e10s support?),
> ignore networking because Debian kernel does not have it, and... try to push that
> into AppArmor upstream?

IMO the parts that require third-party kernel patches shall be
upstreamed as well: the end goal would be that the resulting upstream
profile can be pulled as-is by as many distros as possible, including
those that apply these patches, i.e. Ubuntu and OpenSUSE.

Cheers,
-- 
intrigeri


