Package: firefox Severity: normal
Hi, as you might know, AppArmor confines programs according to a set of rules that specify what files a given program can access. This approach helps protect the system against both known and unknown vulnerabilities. In several distributions such as Ubuntu or Tails, AppArmor is enabled by default. I've not been able to find such a profile in the current Firefox package. There is an AppArmor profile for Firefox available upstream: https://bazaar.launchpad.net/~ubuntu-branches/ubuntu/vivid/firefox/vivid/view/head:/debian/usr.bin.firefox.apparmor.10.04 (this is the upstream profile which has been integrated into Ubuntu's packaging of Firefox). This profile is only active if people have installed AppArmor in first case, so it should never break the package for users without AppArmor. The profile can be included in your packaging quite easily. All the necessary steps are documented here: https://wiki.debian.org/AppArmor/Contribute/FirstTimeProfileImport Please also see examples in the packages torbrowser-launcher or in Icedove (https://anonscm.debian.org/cgit/pkg-mozilla/icedove.git/tree/debian). Please let me know if you need help. Cheers! ulrike