   Message 28,544 of 28,835   
   Simon McVittie to intrigeri   
   Bug#1127710: thunderbird: apparmor profi   
   22 Feb 26 14:20:01   
   
   From: smcv@debian.org   
      
   On Mon, 16 Feb 2026 at 12:09:18 +0100, intrigeri wrote:   
   >my next step, as announced on that MR a while ago, is to remove   
   >the AppArmor profile from the Debian package in sid: without   
   >a collaborative effort upstream, there's no good way for me to keep   
   >maintaining it for Debian, with an amount of effort that I can   
   >justify.   
      
   I think that would be wise: this profile seems to be causing more   
   problems than it solves. I think the following bugs could be closed by   
   its removal:   
      
   https://bugs.debian.org/1128672   
   https://bugs.debian.org/1127710   
   https://bugs.debian.org/928178   
   https://bugs.debian.org/909281   
   https://bugs.debian.org/955380   
   https://bugs.debian.org/882218   
   https://bugs.debian.org/900210   
   https://bugs.debian.org/914403   
   https://bugs.debian.org/917613   
   https://bugs.debian.org/949450   
   https://bugs.debian.org/880424   
   https://bugs.debian.org/883245   
   https://bugs.debian.org/961269   
      
   and https://bugs.debian.org/949649 could either be closed or marked as   
   wontfix.   
      
   >Given the profile is so widely open   
      
   In particular, it has   
      
      #include    
      
   which is a complete sandbox escape: lots of session services can be   
   asked to execute arbitrary code via D-Bus. It also has   
      
      owner @{HOME}/.{cache,config}/dconf/user rw,   
      
   which is a complete sandbox escape via any dconf/GSettings option that   
   can be configured to run arbitrary commands, for example GNOME's   
   desktop-wide custom keyboard shortcuts.   
      
   Given those, I think this profile has no security value, so its   
   cost/benefit ratio is very low (it has the usability costs of a security   
   policy, but not the security benefit).   
      
        smcv   
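
An added example, not part of the original message or of the Debian package: a small audit that flags AppArmor file rules granting write access to the dconf user database, the second escape described above. The sample profile text, the `/home/user` value substituted for `@{HOME}` and all function names are assumptions; it goes beyond the single quoted rule by also catching broader globs that cover the same file.

```python
import re

# Constructed sample profile; only the first dconf rule is taken from the message.
SAMPLE_PROFILE = """\
profile example /usr/bin/example {
  owner @{HOME}/.{cache,config}/dconf/user rw,
  owner @{HOME}/.config/dconf/user r,
  owner @{HOME}/.example/** rwk,
  deny @{HOME}/.config/dconf/user w,
}
"""

HOME = "/home/user"  # assumed value substituted for @{HOME}
TARGETS = [f"{HOME}/.config/dconf/user", f"{HOME}/.cache/dconf/user"]

# File rule: optional qualifiers, a path, a permission string, trailing comma.
RULE = re.compile(r"^\s*(?P<quals>(?:(?:audit|allow|deny|owner)\s+)*)"
                  r"(?P<path>[/@]\S*)\s+(?P<perms>[a-zA-Z]+),\s*$")

def expand(path):
    """Expand AppArmor {a,b} alternations (non-nested); leave @{VAR} alone."""
    m = re.search(r"(?<!@)\{([^{}]*)\}", path)
    if not m:
        return [path]
    out = []
    for alt in m.group(1).split(","):
        out += expand(path[:m.start()] + alt + path[m.end():])
    return out

def to_regex(glob):
    """Translate AppArmor globs: ** crosses '/', * and ? do not."""
    conv = {"**": ".*", "*": "[^/]*", "?": "[^/]"}
    parts = re.split(r"(\*\*|\*|\?)", glob)
    return re.compile("".join(conv.get(p, re.escape(p)) for p in parts) + r"\Z")

def writable_dconf_rules(profile_text):
    """Return (line_no, rule) for non-deny rules granting w or a on a target."""
    hits = []
    for n, line in enumerate(profile_text.splitlines(), 1):
        m = RULE.match(line)
        if not m or "deny" in m["quals"].split():
            continue
        if not set("wa") & set(m["perms"]):
            continue  # read-only, lock-only or exec rules are not the issue here
        for p in expand(m["path"].replace("@{HOME}", HOME)):
            if any(to_regex(p).match(t) for t in TARGETS):
                hits.append((n, line.strip()))
                break
    return hits
```

It only inspects file rules written directly in the text it is given; rules pulled in through `#include` lines are not resolved.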
      