Improve AppArmor usability in Ubuntu
AppArmor usability can be improved in Ubuntu, especially for the profiles shipped in the default installation (e.g. cups, evince, firefox-3.5). Discuss methods to improve this, in particular:
* dealing with tunables and likewise-open
* reporting messages
* userspace tools
* profile creation
* documentation
Blueprint information
- Status: Complete
- Approver: Robbie Williamson
- Priority: High
- Drafter: Jamie Strandboge
- Direction: Approved
- Assignee: Jamie Strandboge
- Definition: Approved
- Series goal: Accepted for lucid
- Implementation: Implemented
- Milestone target: None
- Started by: Jamie Strandboge
- Completed by: Jamie Strandboge
Whiteboard
Feedback jdstrand 2009-11-30: @{HOME} and likewise-open in https:/
Work items:
make user-space aware of tunables: POSTPONED
hook up apparmor to apport when alert messages appear: POSTPONED
modify user tools to get logs directly from the kernel: POSTPONED
update tools for directory load of tunables: POSTPONED
update tools for alias support (/usr): POSTPONED
add aa-decode and manpage: DONE
user-space notifications during dev cycle: DONE
Gobby notes:
Improve AppArmor usability in Ubuntu
- Profiles that are being shipped
- Tunables
- @{HOME}
- address with packaging vs. automatic vs. documentation and notification
- /usr (maybe as an alias)
- Notification
- User space tools
= Dealing with tunables =
Karmic is the first release that shipped a GUI application with a profile in enforcing mode. A problem turned up for users whose home directory was not in the standard location. Likewise-open also puts the home directory in a different location.
The parser uses tunables; the user-space tools don't.
Two problem scenarios: people who upgrade with a non-standard home directory, and people who create users with non-standard home directories.
If using automatic mode to resolve HOME tunable:
- hook via upgrades, user-add, package install, explicitly flagged
- pam module could compare home dir to tunable?
- throw up warning, set error
- parse output of /etc/passwd (not getent to avoid giant nss databases)
- use gdm's method for identifying non-system users
- Have a debconf-preseedable setting of the @{HOMEDIRS} tunable
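
One way the automatic check outlined above could work, as an added example (not code from this blueprint or from AppArmor): read @{HOMEDIRS} from tunables text, parse passwd-format text, and list the users whose home directory would not match @{HOME}. The sample data is constructed, and the "UID >= 1000 with a real login shell" filter is an assumed stand-in for gdm's method, which the notes do not spell out.

```python
import posixpath
import re

# Constructed sample of /etc/apparmor.d/tunables/home (not from the page).
SAMPLE_TUNABLE = """\
@{HOME}=@{HOMEDIRS}/*/ /root/
@{HOMEDIRS}=/home/
@{HOMEDIRS}+=/srv/nfs/home/
"""

# Constructed sample of /etc/passwd (not from the page).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/srv/nfs/home/bob:/bin/zsh
carol:x:1002:1002:Carol:/data/users/carol:/bin/bash
dave:x:1003:1003:Dave:/home/staff/dave:/bin/bash
svc:x:1004:1004:Service:/var/lib/svc:/bin/false
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
"""

def parse_homedirs(tunable_text):
    """Collect every directory assigned to @{HOMEDIRS} with = or +=."""
    dirs = []
    for line in tunable_text.splitlines():
        m = re.match(r"\s*@\{HOMEDIRS\}\s*\+?=\s*(.*)", line)
        if m:
            values = m.group(1).split("#")[0].split()
            dirs += [posixpath.normpath(v) for v in values]
    return dirs

def human_users(passwd_text, min_uid=1000):
    """Yield (name, home) for accounts that look like real users.
    Assumed heuristic: UID >= min_uid and a shell other than nologin/false."""
    for line in passwd_text.splitlines():
        f = line.split(":")
        if len(f) != 7 or not f[2].isdigit() or int(f[2]) < min_uid:
            continue
        if posixpath.basename(f[6]) in ("nologin", "false"):
            continue
        yield f[0], f[5]

def uncovered_homes(passwd_text, tunable_text):
    """Return users whose home is not directly inside a @{HOMEDIRS} entry,
    i.e. not matched by @{HOME}=@{HOMEDIRS}/*/ (the * does not cross '/')."""
    homedirs = set(parse_homedirs(tunable_text))
    return [(n, h) for n, h in human_users(passwd_text)
            if posixpath.dirname(posixpath.normpath(h)) not in homedirs]

if __name__ == "__main__":
    for name, home in uncovered_homes(SAMPLE_PASSWD, SAMPLE_TUNABLE):
        print(f"warning: {home} ({name}) is outside @{{HOMEDIRS}}")
```

A hook run on upgrade, user creation or package install could use the returned list to raise the warning or to propose a @{HOMEDIRS} addition.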
Tools
- update for tunables
- update for directory load
- alias support in tools (/usr)
= Notifications =
- low-detail for desktop users and rate-limited
- tracks apport enablement (like kernel oops)
- logwatch plugin
- munin plugin
- maybe use update-notifier, which has desktop and server hooks already?
== Profile updates ==
- editing profiles causes packaging conflicts
- Include directories
- Should modify mysql config file to add an apparmor warning - I wouldn't say that's needed, since then we should do that for any other change in mysql (if you change datadir, you need to move bla bla bla)
== user space tools ==
- It would be nice if the user space tools could capture logs directly from the kernel instead of having apparmor log the regular way
- User tools to suggest new abstractions