On Mon, 16 Feb 2026 at 12:09:18 +0100, intrigeri wrote:
> my next step, as announced on that MR a while ago, is to remove
> the AppArmor profile from the Debian package in sid: without
> a collaborative effort upstream, there's no good way for me to keep
> maintaining it for Debian, with an amount of effort that I can
> justify.

I think that would be wise: this profile seems to be causing more problems than it solves. I think the following bugs could be closed by its removal:

https://bugs.debian.org/1128672
https://bugs.debian.org/1127710
https://bugs.debian.org/928178
https://bugs.debian.org/909281
https://bugs.debian.org/955380
https://bugs.debian.org/882218
https://bugs.debian.org/900210
https://bugs.debian.org/914403
https://bugs.debian.org/917613
https://bugs.debian.org/949450
https://bugs.debian.org/880424
https://bugs.debian.org/883245
https://bugs.debian.org/961269

and https://bugs.debian.org/949649 could either be closed or marked as wontfix.

Given the profile is so widely open

In particular, it has

  #include <abstractions/dbus-session>

which is a complete sandbox escape: lots of session services can be asked to execute arbitrary code via D-Bus. It also has

  owner @{HOME}/.{cache,config}/dconf/user rw,

which is a complete sandbox escape via any dconf/GSettings option that can be configured to run arbitrary commands, for example GNOME's desktop-wide custom keyboard shortcuts.

Given those, I think this profile has no security value, so its cost/benefit ratio is very low (it has the usability costs of a security policy, but not the security benefit).

    smcv
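
As an added example, not code from the Debian package, from AppArmor, or from anyone in this thread: a small Python audit that flags the two patterns smcv calls out above (the abstractions/dbus-session include, and write access to the user's dconf database) in a profile. The profile text it scans is constructed for illustration, and the rule parser is deliberately minimal: it assumes one rule per line, non-nested brace alternation, and leaves `@{HOME}`-style variables unexpanded.

```python
"""Flag the two AppArmor profile rules discussed in the mail above.

Added example, not code from the Debian package or AppArmor; the sample
profile at the bottom is constructed and the parser is deliberately minimal
(one rule per line, non-nested brace groups, @{VAR} left unexpanded).
"""
import itertools
import re

# Both spellings of the include directive that AppArmor accepts.
DBUS_SESSION_RE = re.compile(
    r"^#?include\s+(?:if\s+exists\s+)?<abstractions/dbus-session>$")

# File rule: optional qualifiers, a path, a permission string, trailing comma.
FILE_RULE_RE = re.compile(
    r"^((?:(?:owner|audit|deny)\s+)*)(\S+)\s+([A-Za-z]+)\s*,$")

# The dconf user database: a write here reaches every GSettings key,
# including the GNOME custom keyboard shortcuts that run a command.
DCONF_DB_PATHS = {"@{HOME}/.config/dconf/user", "@{HOME}/.cache/dconf/user"}


def strip_comment(line):
    """Return the rule part of a line, keeping '#include' directives."""
    stripped = line.strip()
    if stripped.startswith("#include"):
        return stripped
    return stripped.split("#", 1)[0].strip()


def expand_braces(path):
    """Expand AppArmor brace alternation: 'a/{b,c}/d' -> ['a/b/d', 'a/c/d'].

    '@{HOME}'-style variables are not alternation and are left intact.
    """
    parts = re.split(r"(?<!@)\{([^{}]*)\}", path)
    # re.split with one capture group alternates literal, group, literal, ...
    choices = [[p] if i % 2 == 0 else p.split(",")
               for i, p in enumerate(parts)]
    return ["".join(combo) for combo in itertools.product(*choices)]


def audit_profile(text):
    """Return (line_number, rule, reason) for every rule that opens an escape."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        rule = strip_comment(raw)
        if not rule:
            continue
        if DBUS_SESSION_RE.match(rule):
            findings.append((lineno, rule,
                             "session bus reachable: services on it can be "
                             "asked to run arbitrary code"))
            continue
        m = FILE_RULE_RE.match(rule)
        if not m:
            continue
        qualifiers, path, perms = m.groups()
        if "deny" in qualifiers.split() or "w" not in perms:
            continue  # deny rules and read-only rules cannot write the db
        for expanded in expand_braces(path):
            if expanded in DCONF_DB_PATHS:
                findings.append((lineno, rule,
                                 f"{expanded} writable: any dconf/GSettings "
                                 "key can be set, including command-running "
                                 "custom shortcuts"))
    return findings


# Constructed sample; the two flagged rules are the ones quoted in the mail.
SAMPLE_PROFILE = """\
# constructed sample profile, not a real package's profile
/usr/bin/example {
  #include <abstractions/base>
  #include <abstractions/dbus-session>

  owner @{HOME}/.{cache,config}/dconf/user rw,
  owner @{HOME}/.config/dconf/ r,
  deny @{HOME}/.ssh/** rw,
}
"""

if __name__ == "__main__":
    for lineno, rule, reason in audit_profile(SAMPLE_PROFILE):
        print(f"line {lineno}: {rule}\n    {reason}")
```

Run it against the sample and it reports line 4 (the include) and line 6 twice, once per expanded dconf path; a `deny` rule or a read-only rule on the same path is left alone. To audit a real profile, pass the file contents to `audit_profile` instead of `SAMPLE_PROFILE`.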
