Package: pulseaudio Severity: normal Hi,
as you might know, AppArmor confines programs according to a set of rules that specify what files a given program can access. This approach helps protect the system against both known and unknown vulnerabilities. In several distributions such as Ubuntu or Tails, AppArmor is enabled by default. There is an AppArmor profile for Pulseaudio available upstream: https://git.launchpad.net/apparmor-profiles/tree/ubuntu/17.04/usr.bin.pulseaudio I've asked the original authors if this profile is ready to be included and they confirmed. In any case, this profile is only active if people have installed AppArmor in first case, so it should never break the package for users without AppArmor. The profile can be included in the Pulseaudio packaging quite easily. All the necessary steps are documented here: https://wiki.debian.org/AppArmor/Contribute/FirstTimeProfileImport Please also see examples in the packages torbrowser-launcher or in Icedove (https://anonscm.debian.org/cgit/pkg-mozilla/icedove.git/tree/debian). I'll try to prepare a patch to make it easier for you to integrate it. Cheers! u.