[Apparmor-general] Features vs Roadmap
Mitnyan.Manuel at hydro.qc.ca
Wed Feb 27 15:49:13 MST 2008
Hi,
I can't find any roadmap for the project, only mailing list threads talking about new/future functionality. Is there one?
We need two features that do not exist yet in AppArmor. My concern is whether they are already scheduled to be done one day and, if not, where I can suggest them.
Just in case the mailing list is the right place, here are the two features we are looking for:
1-Ability to discriminate/exclude permissions
Examples of what it can look like to exclude permissions on directories and files
#With nothing to mean no permissions
/** r,
/noaccesstothatdirectrory ,
/noaccesstothatdirectrory/** ,
so the behavior can be: 'ls /bla' = OK, 'ls /noaccesstothatdirectrory/*' = ERROR.
or
#With a bang to say exclude permissions
/** rw,
/noaccesstothatdirectrory !w,
/noaccesstothatdirectrory/** !w,
so the behavior can be: 'echo > /bla.txt' = OK, 'echo > /noaccesstothatdirectrory/bla.txt' = ERROR.
2-Validation about the parameters
It can be good to have granularity over the parameters permitted on executable files. Regex can be a nice add-on at the same time ...
Example:
/usr/bin/crontab -l rix, #Only right to list crontab
or with regex ...
/bin/su - [user1][user2] #su OK but only to user1 or user2
I wish it could be added one day ... at least on the roadmap.
Tks.
Manuel Mitnyan
Exploitation de la sécurité des Technologies de l'Information " ESTI "
Direction Gestion des Infrastructure Technologique " DGIT "
Email: Mitnyan.Manuel at Hydro.qc.ca
Hydro-Québec 800, Boul. Maisonneuve Est, 16e étage
Montréal (Qc) H2L 4M8
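
Added example, not part of the original message and not AppArmor code: a small Python model of the "bang" exclusion variant proposed in item 1, where a permission excluded by any matching rule is removed from whatever other matching rules grant. The function names, the simplified glob handling and the sample profile are assumptions made for illustration.

```python
import re

# Constructed profile using the "bang" syntax proposed in the message above.
PROFILE = """
/** rw,
/noaccesstothatdirectrory !w,
/noaccesstothatdirectrory/** !w,
"""

def glob_to_regex(glob):
    """Simplified glob translation (assumption): '**' crosses '/', '*' does not."""
    out, i = [], 0
    while i < len(glob):
        if glob.startswith("**", i):
            out.append(".*")
            i += 2
        elif glob[i] == "*":
            out.append("[^/]*")
            i += 1
        else:
            out.append(re.escape(glob[i]))
            i += 1
    return re.compile("".join(out) + r"\Z")

def parse_profile(text):
    """Return (pattern, granted, excluded) per rule; a leading '!' marks an exclusion."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip().rstrip(",").strip()
        if not line:
            continue
        path, _, perms = line.partition(" ")
        perms = perms.strip()
        if perms.startswith("!"):
            rules.append((glob_to_regex(path), set(), set(perms[1:])))
        else:
            rules.append((glob_to_regex(path), set(perms), set()))
    return rules

def effective_perms(rules, path):
    """Union of grants minus union of exclusions, so rule order does not matter."""
    granted, excluded = set(), set()
    for pattern, allow, deny in rules:
        if pattern.match(path):
            granted |= allow
            excluded |= deny
    return granted - excluded

def is_allowed(rules, path, perm):
    return perm in effective_perms(rules, path)
```

With the constructed profile, a write to /bla.txt is allowed while a write anywhere under /noaccesstothatdirectrory is refused and reads there still succeed, matching the behavior described for the second variant.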