AppArmor development (essential items)

Registered by Marc Deslauriers on 2012-05-24

Blueprint to track misc essential AppArmor work items.

Blueprint information

Status: Not started
Approver: Jamie Strandboge
Priority: Essential
Drafter: John Johansen
Direction: Approved
Assignee: John Johansen
Definition: Approved
Series goal: Accepted for quantal
Implementation: Deferred
Milestone target: ubuntu-12.10-beta-1


Work Items

Work items:
[jdstrand] review ARB requirements and update policy (essential) (0.5): DONE
[jjohansen] organize workitems and roadmap (essential) (1): DONE
[jjohansen] release 2.8/open 2.9, branch 2.8, and do release steps (essential) (0.5): DONE
[jjohansen] release 2.8/open 2.9, integrate outstanding patches (eg. net debugging from jeffm, ...) - (essential) (1): DONE
[jjohansen] release 2.8/open 2.9, fix parser build failures on some tool chains - parser (essential) (0.5): DONE
[jjohansen] sids, add sids hash table - kernel (high) (3): INPROGRESS
[jjohansen] sids, update kernel interfaces for sids - kernel (high) (2): INPROGRESS
[jjohansen] stacking, kernel interface - kernel (high) (1): INPROGRESS
[jjohansen] stacking, add profile sets - kernel (high) (3): INPROGRESS
[jjohansen] stacking, update sids to represent profile sets - kernel (high) (2): INPROGRESS
[jjohansen] stacking, update task context to use profile sets - kernel (high) (1): INPROGRESS
[jjohansen] stacking, refactor code to pass profile set instead of profile into top level - kernel (high) (3): INPROGRESS
[jjohansen] stacking, refactor path lookup, so it is done once, and pass to foreach profile in set - kernel (high) (2): INPROGRESS
[jjohansen] stacking, extend task context to track top namespace - kernel (high) (2): INPROGRESS
[jjohansen] ext. mediation, alt ns unix domain socket - upstream (essential) (1): POSTPONED
[jjohansen] ext. mediation, alt ns unix domain socket, matching - kernel (essential) (2): POSTPONED
[jjohansen] ext. mediation, netlink - upstream (essential) (1): POSTPONED
[jjohansen] ext. mediation, netlink, base matching - kernel (essential) (0.5): POSTPONED
[jjohansen] rework interface for atomic profile set load (high) (3): INPROGRESS
[jjohansen] rework profile locking to use RCU to avoid system deadlock (essential) (5): INPROGRESS
[sbeattie] Pythonize simple apparmor tools (aa-enforce, aa-disable, aa-complain) (high) (2): TODO
[tyhicks] base policy introspection interface - upstream (high) (2): POSTPONED
[jjohansen] base policy introspection interface - kernel (high) (3): INPROGRESS
[tyhicks] extend base policy introspection interface - kernel (high) (3): POSTPONED
[tyhicks] base policy introspection interface, virtualize policy dir (high) (5): POSTPONED
[sbeattie] base policy introspection interface - regression tests (high) (2): POSTPONED
[sbeattie] base policy introspection interface - update userspace tools (high) (2): POSTPONED
[jjohansen] dfa set perms, aare interface update - parser (high) (1): TODO
[jjohansen] dfa set perm tracking, basic perms - parser (high) (2): TODO
[jjohansen] dfa set perm tracking, deny perms - parser (high) (3): TODO
[jjohansen] dfa, perm mapping to kernel perms - parser (high) (1): TODO
[sbeattie] base regression test infrastructure using py-unit (high) (3): TODO
