Package: qtox
Version: 1.16.3-1
Severity: wishlist
Tags: upstream
User: pkg-apparmor-t...@lists.alioth.debian.org
Usertags: new-profile

Dear Maintainer,

I'm happy to see that we now have qTox in Debian! Thanks to Maintainer!

It would be even cooler to have it confined with AppArmor. qTox maintains connections to various untrusted peers over the world, and so it is important to reduce the attack vector in case an RCE happens, brought by some untrusted packet, etc.

We have some GUI packages in Debian that ship with an AppArmor profile (like Thunderbird, or LibreOffice, Totem, etc), and I agree that the experience with them might not be the best yet, as AppArmor really lacks some features to make GUI applications "better confinable" without making the user struggle with denies...

So due to that I will *suggest to ship this profile disabled by default*, so power users should enable it consciously, knowing the risks of having some inconveniences.

I am interested in preparing an AppArmor profile for qTox by myself, as I use this application daily. The idea is to maintain the profile, same as with Thunderbird, in the external apparmor-profiles [0] repository, and sync it to the Debian package once it is accepted in apparmor-profiles, after it's reviewed by AppArmor maintainers and/or contributors.

[0] https://gitlab.com/apparmor/apparmor-profiles

-- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=lt_LT.UTF-8, LC_CTYPE=lt_LT.UTF-8 (charmap=UTF-8), LANGUAGE=lt (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages qtox depends on:
ii  libavcodec58        7:4.1-1
ii  libavdevice58       7:4.1-1
ii  libavformat58       7:4.1-1
ii  libavutil56         7:4.1-1
ii  libc6               2.28-4
ii  libcairo2           1.16.0-2
ii  libexif12           0.6.21-5
ii  libgdk-pixbuf2.0-0  2.38.0+dfsg-7
ii  libglib2.0-0        2.58.1-2
ii  libgtk2.0-0         2.24.32-3
ii  libopenal1          1:1.19.1-1
ii  libqrencode4        4.0.2-1
ii  libqt5core5a        5.11.3+dfsg-2
ii  libqt5gui5          5.11.3+dfsg-2
ii  libqt5network5      5.11.3+dfsg-2
ii  libqt5svg5          5.11.3-2
ii  libqt5widgets5      5.11.3+dfsg-2
ii  libqt5xml5          5.11.3+dfsg-2
ii  libsodium23         1.0.16-2
ii  libsqlcipher0       3.4.1-1+b1
ii  libstdc++6          8.2.0-13
ii  libswscale5         7:4.1-1
ii  libtoxcore2         0.2.8-1
ii  libx11-6            2:1.6.7-1
ii  libxss1             1:1.2.3-1

qtox recommends no packages.

qtox suggests no packages.

-- no debconf information