AppArmor abstractions cleanup
Discuss what is expected from each abstraction and how they can be improved. Will include going through the abstractions as shipped in the apparmor package.
Blueprint information
- Status: Complete
- Approver: Robbie Williamson
- Priority: High
- Drafter: Jamie Strandboge
- Direction: Approved
- Assignee: Jamie Strandboge
- Definition: Approved
- Series goal: Accepted for lucid
- Implementation: Implemented
- Milestone target: None
- Started by: Jamie Strandboge
- Completed by: Jamie Strandboge
Whiteboard
jdstrand feedback: for now distro abstractions are fine with the distro-* convention. No real reason to change. Preferred applications are broken out into different abstractions. Eg ubuntu-email and ubuntu-
Work items:
investigate creating directories for distro abstractions: DONE
move common rules to abstractions: DONE
Gobby notes:
AppArmor abstractions
Abstraction Intent
- originally a high-level grouping of common permissions across applications
- there was a second dir "program_chunks" for individual program permission grouping, e.g. Acroread permissions for firefox
- program_chunks was dropped and folded into abstractions
New abstractions
- can include a directory, or perhaps extend to include a file if it exists
- ubuntu-browsers
- can use tunables, and append values by dropping in new files
- problem: packages need to drop in a file to update
- harder to read than just a listing of names
Dealing with preferred applications
- ubuntu_helpers
- have an abstractions/
- ubuntu-desktop, kubuntu-desktop may be worthwhile
- proc abstraction (to base probably)
- Need to do a large cross profile analysis
Abstractions Review
- firefox profile abstractions
- /etc/sounds -> audio
- dbus-launch? maybe a child profile?
- sys_ptrace (needed because of /proc fd files) -- cleanup with kernel and userspace
- owner for firefox .mozilla stuff (and other)
- gnome abstraction has 'mounts', remove from firefox
- clean up $HOME/** redundancies
- /media, /mnt, /srv: r without owner, rw with owner
- owner for per-user common plugin
- user-tmp should break out read with owner write (but see what breaks)
- m implies r
- try to see if we can move from Uxr to ixr
- use media players
- evince
- use /**/*.[bB][mM][pP] r, (don't do this, it is larger)
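
One way to start the cross-profile analysis mentioned in the notes is to list the rules that recur across profiles, since those are the candidates for moving into an abstraction. The script below is an added example, not part of the blueprint or the apparmor package; the sample profiles are constructed for illustration and the function names `parse_rules` and `shared_rules` are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample profiles for illustration; not copied from any package.
SAMPLE_PROFILES = {
    "usr.bin.firefox": """
        #include <tunables/global>
        /usr/bin/firefox {
          #include <abstractions/base>
          /etc/sounds/** r,
          /media/**   r,          # read-only for everyone
          owner /media/** rw,
          owner @{HOME}/.mozilla/** rw,
        }""",
    "usr.bin.evince": """
        /usr/bin/evince {
          #include <abstractions/base>
          /etc/sounds/** r,
          /media/** r,
          owner /media/** rw,
          owner @{HOME}/.gnome2/evince/** rw,
        }""",
    "usr.bin.totem": """
        /usr/bin/totem {
          /etc/sounds/** r,
          owner /media/** rw,
        }""",
}

def parse_rules(text):
    """Return the set of normalized rules in one profile's text."""
    rules = set()
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(("#include", "include")):
            continue                      # existing abstraction/tunable include
        line = re.sub(r"(^|\s)#.*$", "", line).strip()  # drop comments
        if not line.endswith(","):
            continue                      # blank line, '{', '}' or profile header
        rules.add(" ".join(line[:-1].split()))  # collapse whitespace, drop ','
    return rules

def shared_rules(profiles, min_profiles=2):
    """Map each rule found in >= min_profiles profiles to the profiles using it."""
    users = defaultdict(list)
    for name in sorted(profiles):
        for rule in parse_rules(profiles[name]):
            users[rule].append(name)
    return {r: p for r, p in users.items() if len(p) >= min_profiles}

if __name__ == "__main__":
    for rule, names in sorted(shared_rules(SAMPLE_PROFILES).items()):
        print(f"{len(names)}x  {rule:<24} {', '.join(names)}")
```

The comparison is textual, so rules that grant the same access with different spelling (for example a glob versus an explicit path) are not merged and still need manual review.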