Package: ejabberd Version: 17.08-3 Severity: wishlist User: pkg-apparmor-t...@lists.alioth.debian.org Usertags: new-profile
Dear Maintainer, I have seen call for help maintaining this package [0], and thought that one way to help with that is by upstreaming AppAmror profile to `apparmor-profiles` [1], and then handle AppArmor related issues via usertags to notify AppArmor community that help is needed in that regard. In this way, AppArmor profile changes and improvements could be reviewed and improved by AppArmor team, while sharing with other distributions too, using `apparmor-profiles` repository as central point. The story could go like this: * Someone (it could do that) proposes merge request into `apparmor-profiles` repository. I see that current profile up there did not have any serious update since froever, and is divergerd from Debian one. * Once it's there, new bugs against ejabberd that has to do with AppArmor profile should be usertagged with `help-needed`, `buggy-profile` or similar as described in Debian AppArmor Wiki [2]. Debian AppArmor community will see that via mailing list and could act to fix issue by pushing merge request into upstream `apparmor-profiles`. * Once fix is reviewed and accepted by upstream AppArmor team, profile can be imported into ejabberd Vcs-Git by ejabberd maintainer. This scenario is being appleid with Thunderbird profile recently. I believe our (Debian) AppArmor maintainer intrigeri has access to upload AppArmor-related stuff into Thunderbird repository by himself directly. Since Debian has ongoing experiment to have AppArmor enabled by default in Buster, I believe it would be usefull to have AppArmor profile made good enought to be enabled by default for this internet-facing daemon too. Maybe this suggestion could make this possible? [0] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=767874 [1] https://gitlab.com/apparmor/apparmor-profiles [2] https://wiki.debian.org/AppArmor/Reportbug#Usertags -- System Information: Debian Release: buster/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 4.14.0-1-amd64 (SMP w/8 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) Versions of packages ejabberd depends on: ii adduser 3.116 ii debconf [debconf-2.0] 1.5.65 ii erlang-asn1 1:20.1.7+dfsg-1 ii erlang-base [erlang-abi-17.0] 1:20.1.7+dfsg-1 ii erlang-crypto 1:20.1.7+dfsg-1 ii erlang-inets 1:20.1.7+dfsg-1 ii erlang-jiffy 0.14.11+dfsg-2 ii erlang-lager 3.5.2-1 ii erlang-mnesia 1:20.1.7+dfsg-1 ii erlang-odbc 1:20.1.7+dfsg-1 ii erlang-p1-cache-tab 1.0.12-1 ii erlang-p1-iconv 1.0.6-1 ii erlang-p1-stringprep 1.0.10-1 ii erlang-p1-tls 1.0.17-1 ii erlang-p1-utils 1.0.10-1 ii erlang-p1-xml 1.1.25-1 ii erlang-p1-xmpp 1.1.16-1 ii erlang-p1-yaml 1.0.12-1 ii erlang-p1-zlib 1.0.3-1 ii erlang-public-key 1:20.1.7+dfsg-1 ii erlang-ssl 1:20.1.7+dfsg-1 ii erlang-syntax-tools 1:20.1.7+dfsg-1 ii erlang-xmerl 1:20.1.7+dfsg-1 ii init-system-helpers 1.51 ii lsb-base 9.20170808 ii openssl 1.1.0g-2 ii ucf 3.0036 ejabberd recommends no packages. Versions of packages ejabberd suggests: ii apparmor 2.11.1-4 ii apparmor-utils 2.11.1-4 pn ejabberd-contrib <none> pn erlang-luerl <none> pn erlang-p1-mysql <none> pn erlang-p1-oauth2 <none> pn erlang-p1-pam <none> pn erlang-p1-pgsql <none> pn erlang-p1-sip <none> pn erlang-p1-sqlite3 <none> pn erlang-p1-stun <none> pn erlang-redis-client <none> ii imagemagick 8:6.9.7.4+dfsg-16 ii imagemagick-6.q16 [imagemagick] 8:6.9.7.4+dfsg-16 pn libunix-syslog-perl <none> pn yamllint <none> -- Configuration Files: /etc/apparmor.d/usr.sbin.ejabberdctl changed [not included] /etc/ejabberd/inetrc [Errno 13] Permission denied: '/etc/ejabberd/inetrc' /etc/ejabberd/modules.d/README.modules [Errno 13] Permission denied: '/etc/ejabberd/modules.d/README.modules' -- debconf information excluded
