Package: apparmor-profiles Version: 2.13.4-3 Severity: wishlist -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Dear Maintainer, currently when the apparmor-profiles package is installed, it installs several apparmor profile files. In this way users can have all or none of the profiles installed in their systems. Sometimes a user wants only a specific profile (or profiles) installed and doesn't really want the other profiles to be installed as well because: - he doesn't need the other profiles, - he has his own alternative profiles, which differ in rule sets, - the other profiles simply cause some issues with applications they confine. What do you think about another approach, which is to create separate packages containing individual apparmor profiles? For instance, there's the usr.sbin.dnsmasq file which is related to the dnsmasq package. In this case there could be a package named dnsmasq-apparmor-profile which would include the usr.sbin.dnsmasq file. If a user wanted to install dnsmasq and also wanted it to be confined by the default apparmor profile provided by Debian, he could also install dnsmasq-apparmor-profile, which wouldn't affect any other app functionality. Also, there are many profiles under /usr/share/apparmor/extra-profiles/ which aren't enabled, and probably no one uses them at all. If there was a package, for instance, postfix-apparmor-profile containing all the usr.lib.postfix* files installed under /etc/apparmor.d/ , I think more people would test the profiles, which would contribute to better development of the profiles themselves. Probably not all of the files included currently in the apparmor-profiles package can be separated in the way described above, but there are cases where this can be done, and I think it should be done. Tell me what do you think about this solution. -----BEGIN PGP SIGNATURE----- iHUEARYKAB0WIQR1ZhNYxftXAnkWpwEy2ctjR5bMoQUCXxVrFAAKCRAy2ctjR5bM oUuSAP9vC0YwQpOCkhvml75GWrKVeWRNtxsLcDmG0G4qi/DhpQEA6Sqw0tiaYwve 1rgG46iE976oC6uVliwRSba/rkBEkAs= =5jJs -----END PGP SIGNATURE-----