[Apparmor-dev] Re: AppArmor 2.1 Feature Overview
Vincent Danen
vdanen at annvix.org
Tue Aug 14 23:51:59 MDT 2007
* S.?a??lar Onur <caglar at pardus.org.tr> [2007-08-14 14:35:39 +0300]:
[...]
>> o Support for Network Repository for profile storage
>>
>> The AppArmor profile tools now interact with local and remote repositories of
>> profiles to supply the user with profiles when profiles are needed for
>> applications and to allow central storage of AppArmor profiles accross
>> multiple machines.
>>
>> * Selecting profiles from a repository:
>> The user is prompted to select a profile from one or more users in the
>> network repository or from the local inactive profile repository
>> (/etc/apparmor/profiles/extras).
>>
>> * Storing profiles in a repository
>> The user has the option of storing profiles in a remote repository. The user
>> is reqiured to supply a username, password, and email address to
>> create/access an account on the repository server and then the
>> new/changed profiles can be stored on the remote server.
>
>Wonderfull news :)
>
>But it triggered another question in my mind, what about default profiles shipped with appArmor.
>Currently we are using some sed/awk magic to convert openSuse based profiles to Pardus specific ones
>and i think currently this is also what mandriva and ubuntu does.
>
>I'm sure this community based approach will solve lots of problems but i want to know what other distros
>(suse, ubuntu, mandriva) planning? Will you provide appArmor as just a abstraction and encourage your users to
>create their own profiles or will you provide feature-complete profile sets for your distros default installation?
I can't speak 100% for Mandriva, but I believe we will be shipping
profiles in the application packages themselves, instead of as a big
blob in one package (makes updating profiles later if required much
easier).
Annvix for sure will be using profiles inside packages. Although I like
the idea of the networked profile repository. That sounds really
interesting (if nothing else than for having one place for everything
and being able to cherry-pick from other distros).
--
Vincent Danen @ http://linsec.ca/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 186 bytes
Desc: not available
Url : http://forge.novell.com/pipermail/apparmor-dev/attachments/20070814/6ea28b22/attachment.pgp
More information about the Apparmor-dev
mailing list