The packaging for apparmor looks fine. I don't see where you actually install the apport hook in debian/rules though.
Unless you need access to ~/.mozilla, I suggest simply doing:
+ #include <abstractions/private-files-strict>
Instead of:
+ #include <abstractions/private-files>
+ audit deny @{HOME}/.ssh/** mrwkl,
+ audit deny @{HOME}/.gnome2_private/** mrwkl,
+
+ # comment this out if using gpg plugin/addons
+ audit deny @{HOME}/.gnupg/** mrwkl,
If you do need access to .mozilla for something, then what you have is fine, though I wonder why you need access to all of $HOME rather than just the ~/Ubuntu One directory.
The packaging for apparmor looks fine. I don't see where you actually install the apport hook in debian/rules though.
Unless you need access to ~/.mozilla, I suggest simply doing:
+ #include <abstractions/ private- files-strict>
Instead of: private- files> /.gnome2_ private/ ** mrwkl,
+ #include <abstractions/
+ audit deny @{HOME}/.ssh/** mrwkl,
+ audit deny @{HOME}
+
+ # comment this out if using gpg plugin/addons
+ audit deny @{HOME}/.gnupg/** mrwkl,
If you do need access to .mozilla for something, then what you have is fine, though I wonder why you need access to all of $HOME rather than just the ~/Ubuntu One directory.