Hi, intrigeri: > I'm working on #5525 ("Sandbox the web browser"), and have an AppArmor > profile that works locally for most basic use cases. Now, I'm > wondering how to integrate it into Tails and I need your input. > > This profile was derived from the one I've worked a lot on for > torbrowser-launcher (https://micahflee.com/torbrowser-launcher/). > > I think we have two solutions: > > 1. Download "upstream" profile and apply Tails-specific patch at > ISO build time
[..snip] > #1 has the advantages that we get upstream improvements for free, > and we're forced to track upstream, and to adjust our own patch > whenever needed: otherwise, Tails ISO build fails. [..snip] > From my point of view, #1 feels cleaner: it forces us to do the right > thing wrt. upstream, and it fails earlier (at build time). However, > I see how it can be annoying to see the build suddenly start failing, > if only few of us feel comfortable updating our profile delta. > These disadvantages are slightly mitigated, though: [..snip] > => I'm in favor of #1. Me too. Indeed, as I am co-maintaining torbrowser-launcher in Debian and work on AppArmor a lot these days, I can commit to track changes to the upstream profile. Do you want to point me at the Tails-specific patch so I can see what we are talking about? Anything else i should know or do? For people who want to know more about AppArmor.. there is now already better documentation on https://wiki.debian.org/AppArmor, and more to come. Cheers! u. _______________________________________________ Tails-dev mailing list Tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to tails-dev-unsubscr...@boum.org.