[Apparmor-dev] Network definitions in profile

Lincoln Yeoh lyeoh at pop.jaring.my
Wed Dec 5 07:19:26 MST 2007


At 06:04 PM 12/4/2007, Markku Savela wrote:
>My vision for the profiles is that they should be generated by the
>application writers, and included in packages in signed
>repositories. An installer installs the profile, and either refuses to
>install or installs with some predefined default profile, if the profile is
>missing.

>The idea is that the application comes with a clear statement of what resources
>it intends to use (AppArmor profile). The repository maintainer or
>anyone looking at the package could view the profile and evaluate
>whether it is reasonable for the application in question.

I agree that this sort of thing is a better approach, a bit like 
"security by contract" :).

Would it be possible to have templates for such profiles? Either a 
template is a more high-level description of a profile, or profiles 
are generalized to fit more apps that are similar.

The idea is to reduce the number of possible profiles for popular 
applications to a more manageable number of templates which normal 
users might be more able to cope with.

It may require a lot more standardization of apps - installation 
directories, temporary files, where to share read-only files with 
other apps, logging etc.

If such standardization is not possible (maybe only Apple could pull 
such a thing off), we might have to have trusted parties audit 
profiles (with corresponding app), labelling/classifying them (from 
maybe a dozen or so standard types) and then sign them. e.g. "Basic 
screensaver", "Guest applet", "web browser", "Administrator 
privileges", "Full user privileges". This is less desirable of course.

Regards,
Link.



