AppArmor containers support
This blueprint groups the work required for AppArmor container support and marks it as "essential".
Blueprint information
- Status: Complete
- Approver: Jamie Strandboge
- Priority: Essential
- Drafter: Jamie Strandboge
- Direction: Approved
- Assignee: John Johansen
- Definition: Approved
- Series goal: Accepted for precise
- Implementation: Implemented
- Milestone target: None
- Started by: Jamie Strandboge
- Completed by: Jamie Strandboge
Whiteboard
Work items:
[jjohansen] aa-stackcon add api to libapparmor (0.5): DONE
[jjohansen] aa-stackcon add interface to kernel module (0.5): DONE
[jjohansen] (child) stacking interface to create new policy namespace (1): POSTPONED
[jjohansen] (child) stacking cmd line tool to set profile aa_confine + man page (0.5): DONE
[jjohansen] (child) stacking cmd line tool to set stack aa_stack + man page (0.5): DONE
[jjohansen] (child) stacking tag audit messages with namespace (0.5): DONE
[jjohansen] (host) mount rules add to parser (0.5): DONE
[sbeattie] (host) mount rules add to parser tests (0.5): DONE
[jjohansen] (host) mount rules add to kernel (0.5): DONE
[sbeattie] (host) mount rules regression tests (1): DONE
[jdstrand] (host) update man page for mount rules and review wiki documentation for mount rules (1): DONE
[jjohansen] stacking investigate best way to track ns changes in kernel to handle disconnected paths - how to structure policy (3): DONE
[jjohansen] mediation of clone flags to control who can make a new namespace (1): POSTPONED
[jjohansen] investigate removal of need for attach_disconnected in containers (3): DONE