Control: tag -1 + patch Hi,
[email protected] wrote (05 Apr 2013 13:35:49 GMT) : > I intend to start working today on a paragraph about Wheezy bringing > (optional) AppArmor support. Please review the attached patch. About pointing to wiki.d.o: I'm aware this is frown upon by the www team for good reasons, but I feel this case is special (they all say it, right?). Given the AppArmor support is quite minimal (not enabled by default, very few profiles shipped by packages) in Wheezy, I won't spend time writing detailed documentation for it *now*. So, I've just reorganized the AppArmor -related wiki pages to be an acceptable temporary landing place for end-users. If AppArmor is better supported in Jessie (which I intend to work on), then we should have dedicated documentation in a place and format that's nicer for translators. About sections: I wonder whether it would be better to have an "Improved security" section, with "Hardened programs" (current hardening section) and "AppArmor" as sub-section thereof. Thoughts? Cheers, -- intrigeri | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc
>From 029d77129ea0c692c2d4a939254cb2d9f86c4e97 Mon Sep 17 00:00:00 2001 From: intrigeri <[email protected]> Date: Fri, 5 Apr 2013 17:31:29 +0200 Subject: [PATCH] Add AppArmor section to the Release Notes. --- release-notes/en/whats-new.dbk | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/release-notes/en/whats-new.dbk b/release-notes/en/whats-new.dbk index d429d91..3ce553e 100644 --- a/release-notes/en/whats-new.dbk +++ b/release-notes/en/whats-new.dbk @@ -492,6 +492,23 @@ For more information on this feature refer to the information available in </para> </section> +<section id="apparmor"> + <title>AppArmor</title> + <para> + Debian 7.0 supports the AppArmor Mandatory Access Control system. + When enabled, AppArmor confines programs according to a set of rules that + specify what files a given program can access. This proactive approach helps + protecting the system against both known and unknown vulnerabilities. + </para> + + <para> + AppArmor is disabled by default in Debian 7.0. The &debian; wiki has <ulink + url="http://wiki.debian.org/AppArmor";>instructions</ulink> on how to use + this functionality. + </para> + +</section> + <section id="stable-updates"> <title>The stable-updates section</title> <para> -- 1.7.10.4
