Ubuntu

Work for application confinement for Ubuntu application ecosystem

Registered by Jamie Strandboge

Work for application confinement for Ubuntu application ecosystem

Blueprint information

Status:
Started
Approver:
Marc Deslauriers
Priority:
High
Drafter:
Jamie Strandboge
Direction:
Approved
Assignee:
Jamie Strandboge
Definition:
Approved
Series goal:
Accepted for trusty
Implementation:
Started
Milestone target:
milestone icon ubuntu-14.02
Started by
Jamie Strandboge

Related branches

Sprints

Whiteboard

(?)

Work Items

Work items for ubuntu-13.11:
[mdeslaur] review/finalize scopes confinement design: DONE
[jdstrand] add image tests for click-apparmor: DONE

Work items for ubuntu-13.12:
[jdstrand] rev policy for ubuntu-sdk-14.04: DONE
[jdstrand] add image tests for apparmor-easyprof-ubuntu: DONE
[tyhicks] cherrypick sbeattie's parser improvements: DONE
[jdstrand] adjust aa-exec-click to support fat packages: DONE
[jdstrand] adjust aa-exec-click to set QML2_IMPORT_PATH and LD_LIBRARY_PATH for fat packages: DONE

Work items for ubuntu-14.01:
[jdstrand] review remote aggregating scopes requirement: DONE
[sbeattie] investigate enabling the differential compression algorithm/tree simplification patches for parser speedups: DONE

Work items for ubuntu-14.02:
[jdstrand] iterate on InfographicConfinement: DONE
[jdstrand] adjust QRT/scripts/test-click-apparmor.py for autopkgtests: DONE
[jdstrand] add Unity desktop policy abstractions to apparmor: DONE
[jdstrand] add autopkgtests to click-apparmor: DONE
[jdstrand] add autopkgtests to apparmor-easyprof-ubuntu: DONE

Work items for ubuntu-14.03:
[jdstrand] adjust click-reviewers-tools for multiple frameworks and ubuntu-sdk-14.04*: DONE
[jdstrand] adjust click-apparmor for ubuntu-sdk-14.04* and multiple frameworks: DONE
[jdstrand] add query interface to click-apparmor: DONE
[mdeslaur] review InfographicConfinement: DONE
[jdstrand] move hardware/ snippets to lxc-android-config (ie, finish LP: #1197133): POSTPONED
[seth-arnold] review scopes proxy: POSTPONED
[jdstrand] write ubuntu-scope-filesystem apparmor template: POSTPONED
[jdstrand] write ubuntu-scope-network apparmor template: POSTPONED
[jdstrand] add policy group override (blacklist) functionnality: POSTPONED
[jdstrand] add policy for InfographicConfinement: POSTPONED

Work items for later:
[sbeattie] handle easyprof policy verification when apparmor is not enabled/available: POSTPONED
[jdstrand] create a policy group override daemon: POSTPONED
[jdstrand] create a policy group override GUI: POSTPONED
[jdstrand] add --dbus-path option to apparmor-easyprof: POSTPONED
[jdstrand] write optional ubuntu-aggregating-scope-network apparmor template for trusted scopes: POSTPONED

Dependency tree

* Blueprints in grey have been implemented.

Nearby

This blueprint contains Public information 
Everyone can see this information.