Bug#704754: release-notes: [wheezy] mention AppArmor support
Control: tag -1 + patch
firstname.lastname@example.org wrote (05 Apr 2013 13:35:49 GMT) :
> I intend to start working today on a paragraph about Wheezy bringing
> (optional) AppArmor support.
Please review the attached patch.
About pointing to wiki.d.o: I'm aware this is frown upon by the www
team for good reasons, but I feel this case is special (they all say
it, right?). Given the AppArmor support is quite minimal (not enabled
by default, very few profiles shipped by packages) in Wheezy, I won't
spend time writing detailed documentation for it *now*. So, I've just
reorganized the AppArmor -related wiki pages to be an acceptable
temporary landing place for end-users. If AppArmor is better supported
in Jessie (which I intend to work on), then we should have dedicated
documentation in a place and format that's nicer for translators.
About sections: I wonder whether it would be better to have an
"Improved security" section, with "Hardened programs" (current
hardening section) and "AppArmor" as sub-section thereof. Thoughts?
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc
>From 029d77129ea0c692c2d4a939254cb2d9f86c4e97 Mon Sep 17 00:00:00 2001
From: intrigeri <email@example.com>
Date: Fri, 5 Apr 2013 17:31:29 +0200
Subject: [PATCH] Add AppArmor section to the Release Notes.
release-notes/en/whats-new.dbk | 17 +++++++++++++++++
1 file changed, 17 insertions(+)
diff --git a/release-notes/en/whats-new.dbk b/release-notes/en/whats-new.dbk
index d429d91..3ce553e 100644
@@ -492,6 +492,23 @@ For more information on this feature refer to the information available in
+ Debian 7.0 supports the AppArmor Mandatory Access Control system.
+ When enabled, AppArmor confines programs according to a set of rules that
+ specify what files a given program can access. This proactive approach helps
+ protecting the system against both known and unknown vulnerabilities.
+ AppArmor is disabled by default in Debian 7.0. The &debian; wiki has <ulink
+ url="http://wiki.debian.org/AppArmor">instructions</ulink> on how to use
+ this functionality.
<title>The stable-updates section</title>