Bug#857798: Please add an AppArmor profile for Pulseaudio

Ulrike Uhlig ulrike at debian.org
Wed Mar 15 08:07:00 UTC 2017


Package: pulseaudio
Severity: normal

Hi,

as you might know, AppArmor confines programs according to a set of
rules that specify what files a given program can access. This approach
helps protect the system against both known and unknown vulnerabilities.
In several distributions such as Ubuntu or Tails, AppArmor is enabled by
default.

There is an AppArmor profile for Pulseaudio available upstream:
https://git.launchpad.net/apparmor-profiles/tree/ubuntu/17.04/usr.bin.pulseaudio
I've asked the original authors if this profile is ready to be included
and they confirmed. In any case, this profile is only active if people
have installed AppArmor in the first place, so it should never break the
package for users without AppArmor.

The profile can be included in the Pulseaudio packaging quite easily.
All the necessary steps are documented here:
https://wiki.debian.org/AppArmor/Contribute/FirstTimeProfileImport

Please also see examples in the packages torbrowser-launcher or in
Icedove
(https://anonscm.debian.org/cgit/pkg-mozilla/icedove.git/tree/debian).

I'll try to prepare a patch to make it easier for you to integrate it.

Cheers!
u.


