Application Confinement (Display Manager)
Begin implementation strategy for mediating display manager rights with AppArmor. While it is understood that different display managers/servers will require updates and/or design for AppArmor integration, the AppArmor kernel and userspace portions should be display manager-agnostic. Session not required-- work being carried over from previous sprints.
Blueprint information
- Status:
- Complete
- Approver:
- Jamie Strandboge
- Priority:
- High
- Drafter:
- John Johansen
- Direction:
- Approved
- Assignee:
- Steve Beattie
- Definition:
- Approved
- Series goal:
- Accepted for raring
- Implementation:
-
Implemented
- Milestone target:
-
ubuntu-13.04
- Started by
- Jamie Strandboge
- Completed by
- Jamie Strandboge
Whiteboard
For monthly planning purposes, some work items were broken out into the following:
https:/
Not completed/blocked work items moved to:
https:/
Work Items
Work items:
[jdstrand] define display manager security requirements (high) (1): DONE
[sbeattie] review design and implementation problems with X (high) (5): DONE
[sbeattie] review alternative display manager designs (eg wayland, etc) (high) (5): DONE
[sbeattie] review prior art/other OS' implementations for confining client applications (high) (5): DONE
[sbeattie] based on the above, identify ideal security design and augment display manager security requirements if needed (high) (2): DONE
[jjohansen] review/approve display manager security requirements from jdstrand and sbeattie (high) (1): DONE
[jjohansen] prototype display manager policy language (high) (2): DONE
[jjohansen] handover test display server implementation to sbeattie (high) (3): DONE
[sbeattie] get test display server implementation building (high) (15): DONE
