[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#704754: release-notes: [wheezy] mention AppArmor support

Control: tag -1 + patch


intrigeri@debian.org wrote (05 Apr 2013 13:35:49 GMT) :
> I intend to start working today on a paragraph about Wheezy bringing
> (optional) AppArmor support.

Please review the attached patch.

About pointing to wiki.d.o: I'm aware this is frown upon by the www
team for good reasons, but I feel this case is special (they all say
it, right?). Given the AppArmor support is quite minimal (not enabled
by default, very few profiles shipped by packages) in Wheezy, I won't
spend time writing detailed documentation for it *now*. So, I've just
reorganized the AppArmor -related wiki pages to be an acceptable
temporary landing place for end-users. If AppArmor is better supported
in Jessie (which I intend to work on), then we should have dedicated
documentation in a place and format that's nicer for translators.

About sections: I wonder whether it would be better to have an
"Improved security" section, with "Hardened programs" (current
hardening section) and "AppArmor" as sub-section thereof. Thoughts?

  | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
  | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc

>From 029d77129ea0c692c2d4a939254cb2d9f86c4e97 Mon Sep 17 00:00:00 2001
From: intrigeri <intrigeri@debian.org>
Date: Fri, 5 Apr 2013 17:31:29 +0200
Subject: [PATCH] Add AppArmor section to the Release Notes.

 release-notes/en/whats-new.dbk |   17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/release-notes/en/whats-new.dbk b/release-notes/en/whats-new.dbk
index d429d91..3ce553e 100644
--- a/release-notes/en/whats-new.dbk
+++ b/release-notes/en/whats-new.dbk
@@ -492,6 +492,23 @@ For more information on this feature refer to the information available in
+<section id="apparmor">
+  <title>AppArmor</title>
+  <para>
+    Debian 7.0 supports the AppArmor Mandatory Access Control system.
+    When enabled, AppArmor confines programs according to a set of rules that
+    specify what files a given program can access. This proactive approach helps
+    protecting the system against both known and unknown vulnerabilities.
+  </para>
+  <para>
+    AppArmor is disabled by default in Debian 7.0. The &debian; wiki has <ulink
+    url="http://wiki.debian.org/AppArmor";>instructions</ulink> on how to use
+    this functionality.
+  </para>
 <section id="stable-updates">
   <title>The stable-updates section</title>

Reply to: