squid should provide an apparmor profile

Bug #497790 reported by PatRiehecky
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone
squid (Ubuntu) | Won't Fix | Wishlist | Unassigned |
squid3 (Ubuntu) | Fix Released | Wishlist | Jamie Strandboge |

Bug Description

Binary package hint: squid

There is a sample squid apparmor profile at http://apparmor.opensuse.org/profiles/list. I have modified the sample profile to meet Ubuntu standards and updated the packaging scripts to install and activate the profile. It has been tested on my production squid server using external auth for 2 months without problems.

Tags: patch apparmor
PatRiehecky (jcpunk) wrote :
tags: added: apparmor
Changed in squid (Ubuntu):
status: New → Triaged
importance: Undecided → Wishlist
Mathias Gug (mathiaz) wrote :

I'd suggest integrating this patch into the package branch and submitting a merge proposal as outlined in https://wiki.ubuntu.com/Bugs/HowToFix#merge-proposal.

Having the package with the apparmor profile available from a PPA would also help in testing it.

tags: added: patch
PatRiehecky (jcpunk) wrote :

Per the suggestion from Mathias, I am working on a source branch and PPA. I have a "round 1" of the code and associated packages that I need to do more testing on before proceeding. Subscribers that care can find the PPA at https://launchpad.net/~jcpunk/+archive/squid-fix-497790

I should get some good testing in this week. When I've tested more I will follow through with the merge proposal.

Jamie Strandboge (jdstrand) wrote :

I suggest you submit this profile to the apparmor-profiles project. This can be done by submitting your profile to the apparmor mailing list at https://lists.ubuntu.com/mailman/listinfo/apparmor.

Simon Déziel (sdeziel) wrote :

Here is my own profile that works with Squid3 (squid2 is no longer in Precise). I run it in production but I do not use any external auth. A quick comparison with PatRiehecky's profile showed that my profile does not have <abstractions/consoles> and that might or might not be required by some external auth. My profile is compatible with squid-deb-proxy though (also used in prod).

@Jamie, considering I haven't tested my profile with external auth, do you recommend I send it to the Apparmor mailing list?

Jamie Strandboge (jdstrand) wrote :

Simon, I think that would be best yes. Others there can comment and we can get it into the apparmor-profiles repository and possibly consider shipping a disabled profile for squid.

Simon Déziel (sdeziel) wrote :
Jamie Strandboge (jdstrand) wrote :

squid is no longer in Ubuntu. This should be targeted to squid3 instead.

Changed in squid3 (Ubuntu):
status: New → In Progress
importance: Undecided → Wishlist
assignee: nobody → Jamie Strandboge (jdstrand)
Changed in squid (Ubuntu):
status: Triaged → Won't Fix
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package squid3 - 3.1.19-1ubuntu4

---------------
squid3 (3.1.19-1ubuntu4) quantal; urgency=low

  * Add disabled by default AppArmor profile (LP: #497790)
    - debian/squid3.upstart: load profile in pre-start stanza
    - add debian/usr.sbin.squid3 profile
    - debian/rules:
      + install debian/usr.sbin.squid3, etc/apparmor.d/force-complain and
        etc/apparmor.d/disable into $(INSTALLDIR)
      + use dh_apparmor
    - debian/control: suggests apparmor (>= 2.3)
    - debian/squid3.install: install etc/apparmor.d/disable, force-complain
      and usr.sbin.squid3
    - debian/squid3.preinst: disable profile on clean install or upgrades
      from earlier than when we shipped the profile
 -- Jamie Strandboge <email address hidden> Wed, 13 Jun 2012 11:32:14 -0500

Changed in squid3 (Ubuntu):
status: In Progress → Fix Released
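
The changelog above ships the profile disabled by default, using the etc/apparmor.d/disable and force-complain directories. The shell sketch below is an added example, not part of the bug report or the squid3 package: it reports the on-disk state of usr.sbin.squid3 and removes the disable marker. It assumes the usual Ubuntu layout, where an entry in disable/ keeps a profile from being loaded and an entry in force-complain/ loads it in complain mode; APPARMOR_ROOT and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: inspect and enable the squid3 AppArmor profile on disk.
# APPARMOR_ROOT is a hypothetical override so the logic can be tried on a
# constructed directory tree instead of the live /etc/apparmor.d.
APPARMOR_ROOT="${APPARMOR_ROOT:-/etc/apparmor.d}"
PROFILE="usr.sbin.squid3"   # profile file name taken from the changelog

# True if a marker (file or symlink, even a dangling one) exists in $1/.
marker_present() {
    [ -e "$APPARMOR_ROOT/$1/$PROFILE" ] || [ -L "$APPARMOR_ROOT/$1/$PROFILE" ]
}

# Print one of: missing, disabled, complain, enabled.
# "disabled" takes precedence: a profile listed in disable/ is not loaded.
# "enabled" means the profile is loaded with whatever flags it declares.
profile_state() {
    if [ ! -e "$APPARMOR_ROOT/$PROFILE" ]; then
        echo missing
    elif marker_present disable; then
        echo disabled
    elif marker_present force-complain; then
        echo complain
    else
        echo enabled
    fi
}

# Remove the disable marker. A force-complain marker is left in place so the
# profile first runs in complain mode and denials can be reviewed in the logs.
enable_profile() {
    [ -e "$APPARMOR_ROOT/$PROFILE" ] || return 1
    rm -f "$APPARMOR_ROOT/disable/$PROFILE"
    # Reload only on the live tree, and only if the parser is installed.
    if [ "$APPARMOR_ROOT" = /etc/apparmor.d ] &&
       command -v apparmor_parser >/dev/null 2>&1; then
        apparmor_parser -r "$APPARMOR_ROOT/$PROFILE"
    fi
}

# Stand-alone use: "status" prints the state, "enable" needs root.
case "${1:-}" in
    status) profile_state ;;
    enable) enable_profile && profile_state ;;
esac
```

This reads only the on-disk markers; `aa-status` shows what the kernel actually has loaded.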