[Apparmor-dev] AppArmor Development
Jacob I. Torrey
torreyji at clarkson.edu
Mon Nov 3 15:33:50 MST 2008
John,
It's good to hear that there is still progress being made. I guess I
can start on the user-land side of things, as I'm more comfortable
there, and hopefully move further down as I get more comfortable. I also
have heard the desire from a few users to make a directory context, so
that AppArmor can restrict untrusted users' self-compiled apps. For
example, if I have a server, and I give Jim access, who decides to go on
a rampage against my system, I would be able to define a default,
restrictive profile for /home/** or /tmp/**. Not sure if that's an
interesting idea or not, but it might be a nice feature.
I look forward to reading more about how AppArmor is going to evolve!
Jacob
John Johansen wrote:
> Jacob I Torrey wrote:
>
>> To Whom It May Concern,
>> I have been a very happy user of AppArmor, and have been teaching
>> others, doing presentations on it and all around thinking it's a great
>> step in the right direction. Reading today on a number of blogs and news
>> sites that AppArmor is 'dying' since Novell has stopped actively
>> pursuing it made me a little wary that it might fade from the
>> mainstream. I'm a CS student, and I would like to offer my support to
>> this project, I know very little about AppArmor, but know the basics of
>> kernel modules, and the concepts behind AppArmor. I would love a little
>> guidance as to where I should start reading, or how I can help.
>>
>>
> Jacob,
>
> Welcome to AppArmor and thanks for your offer of help, it is always welcome.
>
> First up I would like to address that Novell isn't actively pursuing
> AppArmor anymore. Novell is providing development resources and is
> still working towards upstreaming AppArmor. What it isn't doing is
> funding a whole team of developers. Many of the developers that used to
> be part of the AppArmor team are still hanging around but have limited
> time to contribute as they have other full time jobs and family.
>
> AppArmor's development has certainly slowed, but development continues.
> In fact, this week I am going to kick out the first in a series of
> emails about AppArmor 2.4/3.0 development, so your timing couldn't be
> better.
>
> As to how you can help or where to start, that depends somewhat on your
> interests. There is work that needs to be done on the kernel, the
> support libraries, user side utilities, repository, documentation,
> testing, and even design.
>
> Where I suggest you start is with the design doc, and getting involved
> in the coming 2.4 development discussion. Moving beyond that it is
> going to depend a lot on you. If you are more interested in high level
> programming I would recommend looking at something simple and isolated
> to start. Like updating the gnome applet, or creating a kde applet.
>
> If your interests lie more in the kernel side of things, I would start
> with just browsing through the module code and asking questions. And
> then look at providing a functional extension like improving apparmorfs
> introspection, being able to browse each loaded profile and dump its
> contents would be immensely useful. If that isn't your cup of tea,
> there is going to be other work, from networking, ipc, enhanced file
> mediation, logging, ...
>
> If you are more interested in tool development, you can look at the
> utils directory, and specifically SubDomain.pm, which is the backend for
> logprof and genprof. There is a lot of work that can be done here, from
> improving interaction and flow of profiling to abstracting the
> underneath bits.
>
>
> cheers
> john