Improve AppArmor policy load
Improve AppArmor policy load in Ubuntu
Blueprint information
- Status: Complete
- Approver: Marc Deslauriers
- Priority: Undefined
- Drafter: Jamie Strandboge
- Direction: Approved
- Assignee: None
- Definition: Approved
- Series goal: Accepted for utopic
- Implementation: Implemented
- Milestone target: ubuntu-14.08
- Started by: Jamie Strandboge
- Completed by: Jamie Strandboge
Whiteboard
jdstrand> this needs more fleshing out: eg, systemd integration, split up kernel postinst work item into smaller chunks, parser into a library (systemd)
Work Items
Work items for ubuntu-14.05:
[seth-arnold] Discuss apparmor profile load strategy: DONE
[mdeslaur] investigate/
Work items for ubuntu-14.06:
[mdeslaur] convert apparmor to use upstart job: DONE
Work items for ubuntu-14.07:
[jjohansen] prototype parser to generate multiple versioned apparmor cache files: DONE
[tyhicks] upstream jj's parser patches for multiple versioned apparmor cache files: POSTPONED
[tyhicks] determine proper directory structure for versioned apparmor cache files: POSTPONED
[tyhicks] implement kernel postinst policy compiles: POSTPONED
[tyhicks] implement hook to clean up cache files on kernel uninstall: POSTPONED
Work items for later:
[tyhicks] create minimal library for cached profile loading in systemd/upstart: POSTPONED
[tyhicks] write systemd patch to load cached profiles at startup: POSTPONED
[tyhicks] submit systemd apparmor cache load patch upstream: POSTPONED
[mdeslaur] write upstart patch to load cached profiles at startup: POSTPONED
[tyhicks] write second-stage systemd unit for apparmor: POSTPONED
[tyhicks] review systemd profile switch functionality: POSTPONED
[tyhicks] modify (if necessary) systemd profile switch functionality: POSTPONED
[tyhicks] submit systemd profile switch patch upstream: POSTPONED
[mdeslaur] decide how to fix upgrade failures on apparmor policy load: POSTPONED
[mdeslaur] revert upstart distro patch to fail open on policy load: POSTPONED
[jjohansen] drive apparmor policy versioning to completion: POSTPONED
[tyhicks] update apparmor_parser to add v3 open rules to v2 policy: POSTPONED