[Apparmor-dev] AppArmor Development
John Johansen
jjohansen at suse.de
Mon Nov 3 15:12:48 MST 2008
Jacob I Torrey wrote:
> To Whom It May Concern,
> I have been a very happy user of AppArmor, and have been teaching
> others, doing presentations on it and all around thinking it's a great
> step in the right direction. Reading today on a number of blogs and news
> sites that AppArmor is 'dieing' since Novell has stopped actively
> pursuing it made me a little wary that it might fade from the
> mainstream. I'm a CS student, and I would like to offer my support to
> this project, I know very little about AppArmor, but know the basics of
> kernel modules, and the concepts behind AppArmor. I would love a little
> guidance as to where I should start reading, or how I can help.
>
Jacob,
Welcome to AppArmor and thanks for your offer of help, it is always welcome.
First up I would like to address that Novell isn't actively pursuing
AppArmor anymore. Novell is providing development resources and is
still working towards upstreaming AppArmor. What it isn't doing is
funding a whole team of developers. Many of the developers that used to
be part of the AppArmor team are still hanging around but have limited
time to contribute as they have other full time jobs and family.
AppArmor's development has certainly slowed, but development continues.
I fact this week I was am going to kick out the first in a series of
emails about AppArmor 2.4/3.0 development, so your timing couldn't be
better.
As to how you can help or where to start, that depends some what on your
interests. There is work that needs to be done on the kernel, the
support libraries, user side utilities, repository, documentation,
testing, and even design.
Where I suggest you start is with the design doc, and getting involved
in the coming 2.4 development discussion. Moving beyond that it is
going to depend a lot on you. If you are more interested in high level
programming I would recommend looking at something simple and isolated
to start. Like updating the gnome applet, or creating a kde applet.
If your interests lie more in the kernel side of things, I would start
with just browsing through the module code and asking questions. And
then look at providing a functional extension like improving apparmorfs
introspection, being able to browse each loaded profile and dump its
contents would be immensely useful. If that isn't your cup of tea,
there is going to be other work, from networking, ipc, enhanced file
mediation, logging, ...
If you are more interested in tool development, you can look at, the
utils directory, and specifically SubDomain.pm which the backend for
logprof and genprof. There is a lot of work that can be done here, from
improving interaction and flow of profiling. To abstracting the
underneath bits.
cheers
john
More information about the Apparmor-dev
mailing list