[Apparmor-dev] AppArmor 2.3 Delayed

John Johansen jjohansen at suse.de
Tue Feb 26 15:57:40 MST 2008


I am sad to say that AppArmor 2.3 just isn't ready yet and is being
delayed.  A new beta release target hasn't been set yet, and this
opens the window for feature creep, as there were several features
that I would have liked to see in 2.3 but were just short of the
cut.

The question I have is should AppArmor 2.3 be delayed even further
to accommodate any of the following features?

- generic x transition model.  Expands on basic px, ux, ix transitions
  allowing specifying transitions to a specific profile or namespace,
  or even a list of preferences.

  e.g.
    /bin/grep -> special:/bin/grep,

- mount rules.  Currently mount operations are forbidden, mount rules
  allow adding selective mount operations.

- signal mediation.  Currently signals are not mediated but should
  be.

- generic ipc.  Better control over all ipc mechanisms.

- bind based network rules.  This is a further step along the
  road to full network mediation that allows control of network
  based on the application socket.  This provides tighter control
  over what can be connected to and what ports can be accepted
  on but it isn't sufficient to provide tight controls on
  where packets are received from, or where unconnected udp packets
  are sent.

All of these features are desirable, and hopefully all of them will
show up in a release this year.  The only question being if any of
them should be focused on and show up in the 2.3 release, or whether
they should wait for the 2.4 release, in 6 months or so.
