diff options
Diffstat (limited to 'debian/README.apparmor')
| -rw-r--r-- | debian/README.apparmor | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/debian/README.apparmor b/debian/README.apparmor new file mode 100644 index 0000000000..3974689953 --- /dev/null +++ b/debian/README.apparmor @@ -0,0 +1,30 @@ +AppArmor policy +--------------- + +The thunderbird package includes an AppArmor profile +(/etc/apparmor.d/usr.bin.thunderbird). This profile is disabled by +default because it has to break a number of common use cases in order +to provide meaningful application confinement. + +If you want to trade additional security against potential +functionality breakage, you can enable this profile by running: + + sudo rm /etc/apparmor.d/disable/usr.bin.thunderbird && \ + sudo apparmor_parser -r -T -W /etc/apparmor.d/usr.bin.thunderbird + +To display the current state of the Thunderbird profile, run: + + sudo apt install jq && \ + sudo aa-status --pretty-json | jq .profiles.thunderbird + +To debug issues with this AppArmor profile, see: + + https://wiki.debian.org/AppArmor/Debug + +This AppArmor profile is maintained collaboratively, in +a cross-distribution manner, within the AppArmor upstream project. +You can report issues or propose improvements there: + + https://gitlab.com/apparmor/apparmor-profiles + + -- Carsten Schoenert <c.schoenert@t-online.de> Sun, 3 Dec 2017 18:03:00 +0200 |