signals, IPC and ptrace for 13.04
Start mediation for signals, IPC and ptrace. When completed, users will be able to define AppArmor policy for these, so that confined applications can send/receive signals, use IPC and ptrace other processes only according to policy.
This is prerequisite work to be completed in https:/
Acceptance criteria for April:
- Goal: AppArmor developers can build on base labelling development to complete requirements for signals, IPC, ptrace, DBus, and LXC
- Goal: Users are able to write basic policy for signals and the mediation works
- Goal: Developers can update the parser and policy language for unix domain sockets
Blueprint information
- Status: Not started
- Approver: Jamie Strandboge
- Priority: Undefined
- Drafter: John Johansen
- Direction: Approved
- Assignee: John Johansen
- Definition: Approved
- Series goal: Accepted for raring
- Implementation: Deferred
- Milestone target: ubuntu-13.04-month-6
- Started by
- Completed by
Whiteboard
Blocked items are largely done, but finishing them is blocked on the extended perms/conditional work.
See https:/
Work Items
[jjohansen] stacking, extend exec to have stacking transition - kernel (essential): BLOCKED
[jjohansen] fd passing - revalidate files at ipc (essential): POSTPONED
[jjohansen] fd passing - regression tests (essential): POSTPONED
[jjohansen] ext. mediation, signal, extend checks to kill hook - kernel: BLOCKED
[jjohansen] ext. mediation, signal, extend policy language - parser: BLOCKED
[jjohansen] ext. mediation, signal - parser tests: BLOCKED
[jjohansen] ext. mediation, signal - regression tests: BLOCKED
[jjohansen] ext. mediation, alt ns unix domain socket, labeling - kernel - deps labeling: BLOCKED