[Apparmor-dev] Towards AppArmor 3.0

John Johansen jjohansen at suse.de
Thu Dec 4 23:42:49 MST 2008 

Well this list has been quiet for far to long.  With the incremental
release of AppArmor 2.3 coming to a close soon (a new beta is finally
coming), it is time to start planning for the future.

The next major version of AppArmor will be version 3.0, with the potential
for a 2.4 bridge release before 3.0 hits.  AppArmor 2.4 if it happens will
pickup the stable features of 3.0, and try to maintain backwards
compatibility with 2.3.

A very broad set of goal for AppArmor 3 are
- expand useful senarios
- provide for finer grained mediation where needed
- provide mediation of network and ipc
- Remain as simple to use as possible

Providing expanded mediation is going to likely cause some minor breaks
in compatability, and as such I would like to explore if there are any
other changes that would be benefical as well.  While I don't expect a
lot will change, at this point everything is on the table for reevaluation.

Over the next few weeks I will be sending out emails to apparmor-dev
breaking out planned/potential features into hopefully discrete discussion
points, eg. profile layout, networking, ipc, ...

For the 3.0 development cycle, there are going to be some changes coming.
AppArmor 2.3 will get its own maintained branch and svn head will become
the development branch.

For 3.0 I would like to throw out the idea of pruning back the svn tree
to the bare minimum, and add components back in as they get
updated/developed.  This will make it clear what should be at least
partly working in the current development.  This would mean that the
utils, profiles, and some of the management components would disappear
from the development tree (though would still exist in the 2.3 branch)
for a while.

Another change for 3.0 is I would like to see development releases be made
as new major features come online.  This will enable broader testing
and discussion of the changes being made.

As always any and all feed back, and discussion is welcome.  If you have
an idea or feature you would like to see, please don't hesitate to join
into the discussion, or email me privately.


john

More information about the Apparmor-dev mailing list