AppArmor abstractions cleanup

Registered by Jamie Strandboge

Discuss what is expected from each abstraction and how they can be improved. Will include going through the abstractions as shipped in the apparmor package.

Blueprint information

Robbie Williamson
Jamie Strandboge
Jamie Strandboge
Series goal:
Accepted for lucid
Milestone target:
Started by
Jamie Strandboge
Completed by
Jamie Strandboge

Related branches



jdstrand feedback: for now distro abstractions are fine with the distro-* convention. No real reason to change. Preferred applications are broken out into different abstractions. Eg ubuntu-email and ubuntu-media-players

Work items:
investigate creating directories for distro abstractions: DONE
move common rules to abstractions: DONE

Gobby notes:
AppArmor abstractions

Abstraction Intent
- originally was high level grouping of common permissions across applications
- there was a second dir "program_chunks" for individual program permission
  grouping. Eg. Acroread permissions for firefox
- dropped program chunks folded into abstractions

New abstractions
 - can include a directory, or perhaps extend to include a file if it exists
 - ubuntu-browsers
  - can use tunables, and append values by dropping in new files
    - problem need to have packages drop in file to update
    - harder to read than just a listing of names
    Dealing with prefered applications
    - ubuntu_helpers
 - have an abstractions/ubuntu.d directory where we put things like ubuntu-browsers, etc
 - ubuntu-desktop, kubuntu-desktop may be worthwhile
 - proc abstraction (to base probably)
 - Need to do a large cross profile analysis

Abstractions Review
- firefox profile abstractions
 - /etc/sounds -> audio
 - dbus-launch? maybe a child profile?
 - sys_ptrace (needed because of /proc fd files) -- cleanup with kernel and userspace
 - owner for firefox .mozilla stuff (and other)
 - gnome abstracton has 'mounts', remove from firefox
 - clean up $HOME/** redundancies
 - /media, /mnt, /srv: r w/o owner, rw with
 - owner for per-user common plugin
 - user-tmp should break out read with owner write (but see what breaks)
 - m implies r
 - try to see if we can move from Uxr to ixr
 - use media players
- evince
 - use /**/*.[bB][mM][pP] r, (don't do this, it is larger)


Work Items

This blueprint contains Public information 
Everyone can see this information.