[pkg-apparmor] Bug#843461: apparmor: Support usrmerge

intrigeri intrigeri at debian.org
Fri Jan 6 09:42:43 UTC 2017 

Hi,

here's a status update.

tl;dr: almost everything is done or waiting to migrate to testing;
there's one question for Ulrike below, and one topic
(telepathy-mission-control-5) about which I'd appreciate some input
from you folks. I'll keep this bug open until everything is fixed at
least in sid.

It would be super cool if more of us switched their testing/sid system
with AppArmor enabled to merged-/usr, in order to identify remaining
issues before our users face them.

intrigeri:
>> 1. the AppArmor profiles Git repo

> Ready for review:
> https://code.launchpad.net/~intrigeri/apparmor-profiles/+git/apparmor-profiles/+merge/312411

This was merged yesterday, and I've just uploaded
apparmor-profiles-extra with these changes applied.

>> 2. upstream software repos (at least libvirt)

> Sent patch to libvirt upstream:
> https://www.redhat.com/archives/libvir-list/2016-December/msg00080.html

Merged upstream, applied in sid (2.5.0-2), but the migration to
testing is blocked by a RC bug in src:ceph.

>> 3. other profiles shipped in Debian

> I've now dealt with all those that are installed on my system:

>  * apparmor-profiles:
>    - usr.bin.chromium-browser: it's been broken in Debian for many
>      years, and nobody bothered enough to upstream it in a way that
>      makes it work cross-distro, so I'll simply drop this profile in
>      the next upload.

Fixed in 2.10.95-8, that migrated to testing already.

>  * apparmor-profiles-extra
>    - usr.bin.irssi, usr.bin.pidgin, usr.sbin.apt-cacher-ng: fixed in
>      my merge request against the AppArmor profiles repo; I'd rather
>      not carry a delta in Debian, so I'll wait a bit for comments on
>      my branch.

Merged upstream, fixed in 1.11.

>    - usr.sbin.tcpdump: we import this from Ubuntu, so I've sent them
>      a patch
>      (https://bugs.launchpad.net/ubuntu/+source/tcpdump/+bug/1647188)

No reply since a month on the Ubuntu front, I went ahead and it's in
apparmor-profiles-extra 1.11.

>  * cups-daemon: patch sent (Debian#846868); Ubuntu carries no delta
>    against CUPS anymore so this will flow there for free

Fixed in 2.2.1-4, that migrated to testing already.

>  * evince: patch submitted (Debian#846966); nowadays Ubuntu merges the
>    Debian packaging regularly, so it should flow there at some point

Fixed in 3.22.1-3, that migrated to testing already.

>  * icedove: fix included in my merge request against the AppArmor
>    profiles repo

This made its way to the apparmor-profiles shared repo. I guess some
additional action is needed to have it in the icedove package.
Ulrike, do you want to take care of this?

>  * telepathy-mission-control-5: patch submitted (Debian#847065); same
>    as evince, will flow to Ubuntu at some point

No reply there, I wonder if I should NMU with my patch + the one
proposed on #814900. Opinions?

>  * torbrowser-launcher: sent pull request upstream
>    (https://github.com/micahflee/torbrowser-launcher/pull/256)

Merged upstream, cherry-picked in 0.2.6-3 that already migrated
to testing.

Cheers,
-- 
intrigeri

More information about the pkg-apparmor-team mailing list