Ubuntu

AppArmor base labelling work for 13.03

Registered by Jamie Strandboge on 2013-03-01

Finish base labelling work for AppArmor. When completed, this will provide the necessary support for separate host and namespace AppArmor profiles (required for LXC) as well as the foundation for IPC, signals, networking and environment filtering mediation. This is in support of Client, Application Development and Server&Cloud.

When completed, work on IPC, signals, networking and environment filtering mediation can start.

Blueprint information

Status:: Complete

Approver:: Jamie Strandboge

Priority:: High

Drafter:: John Johansen

Direction:: Approved

Assignee:: John Johansen

Definition:: Approved

Series goal:: Accepted for raring

Implementation:: Implemented

Milestone target:: ubuntu-13.04-month-5

Started by: Jamie Strandboge on 2013-03-08

Completed by: Jamie Strandboge on 2013-03-28

Related branches

Related bugs

Sprints

Whiteboard

'stacking, extend policy language - parser' is postponed to April (due to high kernel security reactive load in March).
'stacking, extend exec to have stacking transition - kernel' postponed to April (completion blocked on dependency on 'stacking, extend policy language - parser, and high kernel security reactive load in March)

(?)

Work Items

Work items:
[jjohansen] aa-namespaces, interface - libapparmor (essential) (1): DONE
[jjohansen] aa-namespaces, interface - util aa-namespace (essential) (1): DONE
[jjohansen] aa-namespaces, interface - documentation/man pages for util (essential) (0.5): DONE
[jjohansen] stacking, update kernel interface to report compound profile name - kernel (essential) (2): DONE
[jjohansen] stacking, extend exec to have stacking transition - kernel (essential) (5): POSTPONED
[jjohansen] stacking, handle rlimit composition - kernel (essential) (1): DONE
[jjohansen] stacking, api to stacking - libapparmor (1): DONE
[jjohansen] stacking, extend policy language - parser (essential) (4): POSTPONED
[jjohansen] labeling, attach implicit sets to objects - kernel (essential) (2): DONE
[jjohansen] labeling, subset test task to object label set - kernel (essential) (2): DONE
[jjohansen] labeling, fallback for hooks where labels can't be used - kernel (essential) (2): DONE
[jjohansen] labeling, revalidation fallback when label doesn't match - kernel (essential) (2): DONE
[jjohansen] labeling, interface to introspect labels - kernel (essential) (3): DONE

Dependency tree

* Blueprints in grey have been implemented.

This blueprint contains Public information

Everyone can see this information.

Subscribers

Ubuntu Security Team