[pkg-apparmor] Bug#858174: Please provide an AppArmor profile for Firefox

Ulrike Uhlig ulrike at debian.org
Mon Mar 20 07:49:00 UTC 2017


Hi Mike,

Mike Hommey:
> control: reassign -1 apparmor-profiles
>> Package: firefox
>> Severity: normal

>> as you might know, AppArmor confines programs according to a set of
>> rules that specify what files a given program can access. This approach
>> helps protect the system against both known and unknown vulnerabilities.
>> In several distributions such as Ubuntu or Tails, AppArmor is enabled by
>> default.
> 
> AppArmor profiles ought to be in the apparmor-profiles package. In fact,
> there is one for Firefox there according to
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=805594#24

@intrigeri: I was not aware that this profile is considered incomplete.
Ubuntu ships it in Firefox as it seems. Or did I misunderstand that?

> If it needs update, this should happen there.

The ultimate aim for AppArmor in Debian is to have each package install
their own profile an make the apparmor-profiles and
apparmor-profiles-extra package disappear on the long term.

Cheers!
u.



More information about the pkg-apparmor-team mailing list