apparmor-profiles_2.13.2-10_all.deb


Advertisement

Description

apparmor-profiles - experimental profiles for AppArmor security policies

Property Value
Distribution Debian 10 (Buster)
Repository Debian Main i386
Package filename apparmor-profiles_2.13.2-10_all.deb
Package name apparmor-profiles
Package version 2.13.2
Package release 10
Package architecture all
Package type deb
Category admin
Homepage http://apparmor.net/
License -
Maintainer Debian AppArmor Team <pkg-apparmor-team@lists.alioth.debian.org>
Download size 90.45 KB
Installed size 329.00 KB
apparmor-profiles provides various experimental AppArmor profiles.
Do not expect these profiles to work out-of-the-box.
These profiles are not mature enough to be shipped in enforce mode by
default on Debian. They are shipped in complain mode so that users
can test them, choose which are desired, and help improve them
upstream if needed.
Some even more experimental profiles are included in
/usr/share/doc/apparmor-profiles/extras/.

Alternatives

Package Version Architecture Repository
apparmor-profiles_2.13.2-10_all.deb 2.13.2 all Debian Main
apparmor-profiles - - -

Requires

Name Value
apparmor >= 2.8.96~2535-0ubuntu1~

Download

Type URL
Mirror ftp.br.debian.org
Binary Package apparmor-profiles_2.13.2-10_all.deb
Source Package apparmor

Install Howto

  1. Update the package index:
    # sudo apt-get update
  2. Install apparmor-profiles deb package:
    # sudo apt-get install apparmor-profiles

Files

Path
/etc/apparmor.d/bin.ping
/etc/apparmor.d/sbin.klogd
/etc/apparmor.d/sbin.syslog-ng
/etc/apparmor.d/sbin.syslogd
/etc/apparmor.d/usr.sbin.avahi-daemon
/etc/apparmor.d/usr.sbin.dnsmasq
/etc/apparmor.d/usr.sbin.identd
/etc/apparmor.d/usr.sbin.mdnsd
/etc/apparmor.d/usr.sbin.nmbd
/etc/apparmor.d/usr.sbin.nscd
/etc/apparmor.d/usr.sbin.smbd
/etc/apparmor.d/usr.sbin.smbldap-useradd
/etc/apparmor.d/usr.sbin.traceroute
/etc/apparmor.d/apache2.d/phpsysinfo
/usr/share/apparmor/extra-profiles/README
/usr/share/apparmor/extra-profiles/bin.netstat
/usr/share/apparmor/extra-profiles/etc.cron.daily.logrotate
/usr/share/apparmor/extra-profiles/etc.cron.daily.slocate.cron
/usr/share/apparmor/extra-profiles/etc.cron.daily.tmpwatch
/usr/share/apparmor/extra-profiles/sbin.dhclient
/usr/share/apparmor/extra-profiles/sbin.dhclient-script
/usr/share/apparmor/extra-profiles/sbin.dhcpcd
/usr/share/apparmor/extra-profiles/sbin.portmap
/usr/share/apparmor/extra-profiles/sbin.resmgrd
/usr/share/apparmor/extra-profiles/sbin.rpc.lockd
/usr/share/apparmor/extra-profiles/sbin.rpc.statd
/usr/share/apparmor/extra-profiles/usr.NX.bin.nxclient
/usr/share/apparmor/extra-profiles/usr.bin.acroread
/usr/share/apparmor/extra-profiles/usr.bin.apropos
/usr/share/apparmor/extra-profiles/usr.bin.evolution-2.10
/usr/share/apparmor/extra-profiles/usr.bin.fam
/usr/share/apparmor/extra-profiles/usr.bin.freshclam
/usr/share/apparmor/extra-profiles/usr.bin.gaim
/usr/share/apparmor/extra-profiles/usr.bin.man
/usr/share/apparmor/extra-profiles/usr.bin.mlmmj-bounce
/usr/share/apparmor/extra-profiles/usr.bin.mlmmj-maintd
/usr/share/apparmor/extra-profiles/usr.bin.mlmmj-make-ml.sh
/usr/share/apparmor/extra-profiles/usr.bin.mlmmj-process
/usr/share/apparmor/extra-profiles/usr.bin.mlmmj-recieve
/usr/share/apparmor/extra-profiles/usr.bin.mlmmj-send
/usr/share/apparmor/extra-profiles/usr.bin.mlmmj-sub
/usr/share/apparmor/extra-profiles/usr.bin.mlmmj-unsub
/usr/share/apparmor/extra-profiles/usr.bin.opera
/usr/share/apparmor/extra-profiles/usr.bin.passwd
/usr/share/apparmor/extra-profiles/usr.bin.procmail
/usr/share/apparmor/extra-profiles/usr.bin.skype
/usr/share/apparmor/extra-profiles/usr.bin.spamc
/usr/share/apparmor/extra-profiles/usr.bin.svnserve
/usr/share/apparmor/extra-profiles/usr.bin.wireshark
/usr/share/apparmor/extra-profiles/usr.bin.xfs
/usr/share/apparmor/extra-profiles/usr.lib.GConf.2.gconfd-2
/usr/share/apparmor/extra-profiles/usr.lib.RealPlayer10.realplay
/usr/share/apparmor/extra-profiles/usr.lib.bonobo.bonobo-activation-server
/usr/share/apparmor/extra-profiles/usr.lib.dovecot.anvil
/usr/share/apparmor/extra-profiles/usr.lib.dovecot.auth
/usr/share/apparmor/extra-profiles/usr.lib.dovecot.config
/usr/share/apparmor/extra-profiles/usr.lib.dovecot.deliver
/usr/share/apparmor/extra-profiles/usr.lib.dovecot.dict
/usr/share/apparmor/extra-profiles/usr.lib.dovecot.dovecot-auth
/usr/share/apparmor/extra-profiles/usr.lib.dovecot.dovecot-lda
/usr/share/apparmor/extra-profiles/usr.lib.dovecot.imap
/usr/share/apparmor/extra-profiles/usr.lib.dovecot.imap-login
/usr/share/apparmor/extra-profiles/usr.lib.dovecot.lmtp
/usr/share/apparmor/extra-profiles/usr.lib.dovecot.log
/usr/share/apparmor/extra-profiles/usr.lib.dovecot.managesieve
/usr/share/apparmor/extra-profiles/usr.lib.dovecot.managesieve-login
/usr/share/apparmor/extra-profiles/usr.lib.dovecot.pop3
/usr/share/apparmor/extra-profiles/usr.lib.dovecot.pop3-login
/usr/share/apparmor/extra-profiles/usr.lib.dovecot.ssl-params
/usr/share/apparmor/extra-profiles/usr.lib.evolution-data-server.evolution-data-server-1.10
/usr/share/apparmor/extra-profiles/usr.lib.firefox.firefox
/usr/share/apparmor/extra-profiles/usr.lib.firefox.firefox.sh
/usr/share/apparmor/extra-profiles/usr.lib.firefox.mozilla-xremote-client
/usr/share/apparmor/extra-profiles/usr.lib.man-db.man
/usr/share/apparmor/extra-profiles/usr.lib.postfix.anvil
/usr/share/apparmor/extra-profiles/usr.lib.postfix.bounce
/usr/share/apparmor/extra-profiles/usr.lib.postfix.cleanup
/usr/share/apparmor/extra-profiles/usr.lib.postfix.discard
/usr/share/apparmor/extra-profiles/usr.lib.postfix.error
/usr/share/apparmor/extra-profiles/usr.lib.postfix.flush
/usr/share/apparmor/extra-profiles/usr.lib.postfix.lmtp
/usr/share/apparmor/extra-profiles/usr.lib.postfix.local
/usr/share/apparmor/extra-profiles/usr.lib.postfix.master
/usr/share/apparmor/extra-profiles/usr.lib.postfix.nqmgr
/usr/share/apparmor/extra-profiles/usr.lib.postfix.oqmgr
/usr/share/apparmor/extra-profiles/usr.lib.postfix.pickup
/usr/share/apparmor/extra-profiles/usr.lib.postfix.pipe
/usr/share/apparmor/extra-profiles/usr.lib.postfix.proxymap
/usr/share/apparmor/extra-profiles/usr.lib.postfix.qmgr
/usr/share/apparmor/extra-profiles/usr.lib.postfix.qmqpd
/usr/share/apparmor/extra-profiles/usr.lib.postfix.scache
/usr/share/apparmor/extra-profiles/usr.lib.postfix.showq
/usr/share/apparmor/extra-profiles/usr.lib.postfix.smtp
/usr/share/apparmor/extra-profiles/usr.lib.postfix.smtpd
/usr/share/apparmor/extra-profiles/usr.lib.postfix.spawn
/usr/share/apparmor/extra-profiles/usr.lib.postfix.tlsmgr
/usr/share/apparmor/extra-profiles/usr.lib.postfix.trivial-rewrite
/usr/share/apparmor/extra-profiles/usr.lib.postfix.verify
/usr/share/apparmor/extra-profiles/usr.lib.postfix.virtual
/usr/share/apparmor/extra-profiles/usr.lib64.GConf.2.gconfd-2
/usr/share/apparmor/extra-profiles/usr.sbin.dhcpd
/usr/share/apparmor/extra-profiles/usr.sbin.dovecot
/usr/share/apparmor/extra-profiles/usr.sbin.httpd2-prefork
/usr/share/apparmor/extra-profiles/usr.sbin.imapd
/usr/share/apparmor/extra-profiles/usr.sbin.in.fingerd
/usr/share/apparmor/extra-profiles/usr.sbin.in.ftpd
/usr/share/apparmor/extra-profiles/usr.sbin.in.ntalkd
/usr/share/apparmor/extra-profiles/usr.sbin.ipop2d
/usr/share/apparmor/extra-profiles/usr.sbin.ipop3d
/usr/share/apparmor/extra-profiles/usr.sbin.lighttpd
/usr/share/apparmor/extra-profiles/usr.sbin.nmbd
/usr/share/apparmor/extra-profiles/usr.sbin.oidentd
/usr/share/apparmor/extra-profiles/usr.sbin.popper
/usr/share/apparmor/extra-profiles/usr.sbin.postalias
/usr/share/apparmor/extra-profiles/usr.sbin.postdrop
/usr/share/apparmor/extra-profiles/usr.sbin.postmap
/usr/share/apparmor/extra-profiles/usr.sbin.postqueue
/usr/share/apparmor/extra-profiles/usr.sbin.sendmail
/usr/share/apparmor/extra-profiles/usr.sbin.sendmail.postfix
/usr/share/apparmor/extra-profiles/usr.sbin.sendmail.sendmail
/usr/share/apparmor/extra-profiles/usr.sbin.smbd
/usr/share/apparmor/extra-profiles/usr.sbin.spamd
/usr/share/apparmor/extra-profiles/usr.sbin.squid
/usr/share/apparmor/extra-profiles/usr.sbin.sshd
/usr/share/apparmor/extra-profiles/usr.sbin.useradd
/usr/share/apparmor/extra-profiles/usr.sbin.userdel
/usr/share/apparmor/extra-profiles/usr.sbin.vsftpd
/usr/share/apparmor/extra-profiles/usr.sbin.xinetd
/usr/share/doc/apparmor-profiles/changelog.Debian.gz
/usr/share/doc/apparmor-profiles/copyright
/usr/share/lintian/overrides/apparmor-profiles

Changelog

2019-03-30 - intrigeri <intrigeri@debian.org>
apparmor (2.13.2-10) unstable; urgency=medium
* Don't load AppArmor policy when running in a Debian Live environment
that uses overlayfs (Closes: #922378).
Rationale: the storage stack set up by live-boot with overlayfs
is not supported by our AppArmor policy at the moment, resulting
in breakage of confined software such as Evince and LibreOffice.
* Ship nvidia_modprobe in enforce mode (Closes: #923273).
- Rationale: as explained by Seth Arnold <seth.arnold@canonical.com>
on #923273#32, profiles in complain mode can chew up essentially
unlimited amounts of non-swappable kernel memory and huge amounts
of IO bandwidth logging ALLOWED messages, which can in turn
use large amounts of storage. This is why Ubuntu has applied this change
already for their upcoming release.
- Scope of this change: in Buster, this profile is used in one single place
— the usr.lib.libreoffice.program.soffice.bin profile — for which it was
developed and tested in the first place. So the risk and potential
problematic impact of this change seems pretty low.
* Cherry-pick the most important and non-invasive fixes
from the upstream apparmor-2.13 maintenance branch:
- base abstraction: allow mr on *.so* in common library paths,
i.e. don't assume all common libraries' name starts with "lib".
At the very least, this fixes Qt5 applications under some
VirtualBox graphics configuration, where otherwise they would
not start at all (Closes: Tails#16414).
Upstream commits: 8dff7dc, 08f9d16
- Fix 2 segfaults spotted upstream while writing automated tests
for the multicache support (upstream MR!348):
· in overlaydirat_for_each, segfault caused by repeatedly freeing
the same memory area;
· when loading policy cache files, due to incorrect size passed
to qsort().
Upstream commits: 5704fba, 01aec04
2019-02-25 - intrigeri <intrigeri@debian.org>
apparmor (2.13.2-9) unstable; urgency=medium
* Revert "Add autopkgtest that checks if apparmor.service starts
on package installation". It passes with the schroot and qemu
backends locally but fails on ci.debian.net.
2019-02-24 - intrigeri <intrigeri@debian.org>
apparmor (2.13.2-8) unstable; urgency=medium
* Cherry-pick 5 more commits from upstream apparmor-2.13 branch
(Closes: #921866).
* Cherry-pick upstream MR!344 (Closes: #920833, #921888).
* Install the nvidia_modprobe named profile (Closes: #921875)
and add it to the list of profiles whose syntax is checked
via autopkgtests.
* Patch usr.sbin.smdb to include snippet generated at runtime
(part of the fix for #896080).
* New autopkgtest: ensure apparmor.service starts on
package installation.
* Update salsa CI pipeline.
2019-01-31 - intrigeri <intrigeri@debian.org>
apparmor (2.13.2-7) unstable; urgency=medium
* Stop shipping /var/cache/apparmor/CACHEDIR.TAG (Closes: #920682)
* New patches, cherry-picked from upstream !320, so the "audio"
abstraction grants read access to Alsa and libao config files
(Closes: #920669, #920670).
2019-01-28 - intrigeri <intrigeri@debian.org>
apparmor (2.13.2-6) unstable; urgency=medium
* initscript: implement missing aa_log_action_begin and
aa_log_action_end functions (Closes: #917962).

See Also

Package Description
apparmor-utils_2.13.2-10_i386.deb utilities for controlling AppArmor
apparmor_2.13.2-10_i386.deb user-space parser utility for AppArmor
appc-spec_0.8.11+dfsg-2+b11_i386.deb App Container Specification (appc) - tools
append2simg_8.1.0+r23-5_all.deb Transitional package
apper-data_1.0.0-2_all.deb KDE package management tool using PackageKit (data files)
apper_1.0.0-2_i386.deb KDE package management tool using PackageKit
appmenu-gtk-module-common_0.7.1-1_all.deb Common files for GtkMenuShell D-Bus exporter
appmenu-gtk2-module_0.7.1-1_i386.deb GtkMenuShell D-Bus exporter (GTK+2.0)
appmenu-gtk3-module_0.7.1-1_i386.deb GtkMenuShell D-Bus exporter (GTK+3.0)
appmenu-qt_0.2.6-2_i386.deb application menu for Qt
appmenu-registrar_0.7.1-1_i386.deb Appmenu DBusMenu registrar
approx_5.10-1_i386.deb caching proxy server for Debian archive files
appstream-doc_0.12.5-1_all.deb Developer documentation for AppStream
appstream-generator_0.7.7-1_i386.deb Generator for AppStream metadata
appstream-glib-doc_0.7.14-1_all.deb Developer documentation for the libappstream-glib library
Advertisement
Advertisement