[Apparmor-dev] apparmor architecture
John Johansen
jjohansen at suse.de
Thu Aug 2 10:17:53 MDT 2007
On Thu, Aug 02, 2007 at 03:38:55PM +0500, shahbaz khan wrote:
> I am starting some work on apparmor and need to know how its
> implemented. I studied the design of subdomain and now would like to
> know how apparmor is redesigned to facilitate with lsm. Refference to
Currently the best documentation is the techdoc.pdf available at
http://forge.novell.com/modules/xfmod/project/?apparmor
In brief what the apparmor rewrite has done is extend the LSM so that
the vfsmnt is passed in consistently which is needed to do proper
name mediation.
> a detail document will do fine. A diagramatic representation makes it
> much easier which I could not find at all!
There is no diagramatic representation that I am aware of
>
> How deeply has apparmor gone with the network controls?
>
Currently apparmor is only doing simple screening based off of the
network family and socket type. In the not too distant future
apparmor will be using secmark for its mediation.
regards
john
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://forge.novell.com/pipermail/apparmor-dev/attachments/20070802/3420db5d/attachment.pgp
More information about the Apparmor-dev
mailing list