[pkg-apparmor] Bug#882672: thunderbird: Disable the AppArmor profile by default

intrigeri at debian.org
Sat Nov 25 14:18:27 UTC 2017


Package: thunderbird
Version: 1:52.4.0-1
Severity: important
X-Debbugs-Cc: Simon Deziel <simon at sdeziel.info>, pkg-apparmor-team at lists.alioth.debian.org
User: pkg-apparmor-team at lists.alioth.debian.org
Usertags: modify-profile

Hi,

since AppArmor was enabled by default in sid 9 days ago, it's become
obvious that the AppArmor policy we ship for Thunderbird simply breaks
too many use cases, and there seems to be no way to fix that while
providing meaningful confinement: for example, see #882048 and
#882218. So let's make this AppArmor profile opt-in, i.e. disable it
by default and let users enable it themselves if they are fine with
dealing with the fallout. That's a bit sad, but it's a much better
output than seeing people burning themselves and getting used to
disabling AppArmor entirely on their system, i.e. losing the benefits
of the other, working profiles we ship.

I think we can implement this change by shipping a symlink to the
profile in /etc/apparmor.d/disable/. My understanding is that dpkg
will treat this removal of a conffile as a change worth preserving on
upgrades, i.e. it won't install the symlink again if it's
been deleted.

I'll prepare a branch in Vcs-Git right away.

FTR the two other people who've been actively working on this profile
recently agree with this proposal:

 - Simon Deziel:
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882218#25

 - Vincas Dargis:
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882048#50

Cheers,
-- 
intrigeri
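
The opt-in mechanism proposed in the message above, as an added example that is not part of the original bug report or of the Thunderbird packaging. It works on a constructed temporary tree rather than the real /etc/apparmor.d; the profile file name `usr.bin.thunderbird` and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: models a profile shipped disabled by a symlink in disable/,
# and the user opting in by deleting that symlink. Constructed tree only.
# Assumption: the loader skips a profile that has a same-named entry in disable/.

# profile_state ROOT NAME -> prints enabled | disabled | missing
profile_state() {
    root=$1 name=$2
    if [ ! -f "$root/$name" ]; then
        echo missing
    elif [ -e "$root/disable/$name" ]; then
        echo disabled
    else
        echo enabled
    fi
}

# opt_in ROOT NAME -> removes the disable symlink; fails if not currently disabled
opt_in() {
    root=$1 name=$2
    [ "$(profile_state "$root" "$name")" = disabled ] || return 1
    rm -- "$root/disable/$name"
}

# make_demo_tree -> prints the path of a constructed apparmor.d-like directory
# laid out the way the message proposes: profile present, symlink in disable/.
make_demo_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/disable"
    echo '# constructed placeholder, not a real profile' > "$d/usr.bin.thunderbird"
    ln -s ../usr.bin.thunderbird "$d/disable/usr.bin.thunderbird"
    echo "$d"
}

demo=$(make_demo_tree)
echo "as shipped:   $(profile_state "$demo" usr.bin.thunderbird)"
opt_in "$demo" usr.bin.thunderbird
echo "after opt-in: $(profile_state "$demo" usr.bin.thunderbird)"
rm -rf "$demo"
```

On a real system the symlink removal is followed by loading the profile, for example with `apparmor_parser -r` on the profile file, and `profile_state` can be rerun after a package upgrade to confirm the opt-in was preserved.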
