summaryrefslogtreecommitdiffstats
path: root/debian/README.apparmor
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 17:33:31 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 17:33:31 +0000
commita820a96849e295d4abc6238a01c650bf3663b774 (patch)
treebcebc68af266bfcc779f699ad3d5eeb05b067216 /debian/README.apparmor
parentAdding upstream version 1:115.7.0. (diff)
downloadthunderbird-a820a96849e295d4abc6238a01c650bf3663b774.tar.xz
thunderbird-a820a96849e295d4abc6238a01c650bf3663b774.zip
Adding debian version 1:115.7.0-1~deb12u1.debian/1%115.7.0-1_deb12u1debian
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'debian/README.apparmor')
-rw-r--r--debian/README.apparmor30
1 files changed, 30 insertions, 0 deletions
diff --git a/debian/README.apparmor b/debian/README.apparmor
new file mode 100644
index 0000000000..3974689953
--- /dev/null
+++ b/debian/README.apparmor
@@ -0,0 +1,30 @@
+AppArmor policy
+---------------
+
+The thunderbird package includes an AppArmor profile
+(/etc/apparmor.d/usr.bin.thunderbird). This profile is disabled by
+default because it has to break a number of common use cases in order
+to provide meaningful application confinement.
+
+If you want to trade additional security against potential
+functionality breakage, you can enable this profile by running:
+
+ sudo rm /etc/apparmor.d/disable/usr.bin.thunderbird && \
+ sudo apparmor_parser -r -T -W /etc/apparmor.d/usr.bin.thunderbird
+
+To display the current state of the Thunderbird profile, run:
+
+ sudo apt install jq && \
+ sudo aa-status --pretty-json | jq .profiles.thunderbird
+
+To debug issues with this AppArmor profile, see:
+
+ https://wiki.debian.org/AppArmor/Debug
+
+This AppArmor profile is maintained collaboratively, in
+a cross-distribution manner, within the AppArmor upstream project.
+You can report issues or propose improvements there:
+
+ https://gitlab.com/apparmor/apparmor-profiles
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Sun, 3 Dec 2017 18:03:00 +0200