Application Confinement (DBus)
Continue implementation strategy for mediating DBus calls with AppArmor. Session not required-- work being carried over from previous sprints.
Blueprint information
- Status:
- Complete
- Approver:
- Jamie Strandboge
- Priority:
- High
- Drafter:
- John Johansen
- Direction:
- Approved
- Assignee:
- John Johansen
- Definition:
- Approved
- Series goal:
- Accepted for raring
- Implementation:
-
Implemented
- Milestone target:
-
ubuntu-13.04
- Started by
- Jamie Strandboge
- Completed by
- Jamie Strandboge
Whiteboard
Work items from https:/
For monthly planning purposes, some work items were broken out into the following:
https:/
https:/
Work Items
Work items:
[tyhicks] dbus - get apparmor parser, library, dbus into a ppa for quantal (high) (1): DONE
[tyhicks] dbus - get apparmor parser, library, dbus into a ppa for raring (high) (1): DONE
[jjohansen] dbus - get apparmor kernel into a ppa for quantal (high) (1): DONE
[jjohansen] dbus - get apparmor kernel into a ppa for raring (high) (1): DONE
[jjohansen] dbus - RFC/discussion (high) (2): DONE
[tyhicks] dbus - make dbus enforcement configurable via dbus configuration (high) (1): DONE
[tyhicks] kernel policy query interface (high) (5): DONE
Work items for later:
[jjohansen] userspace policy matching, userspace matching - libapparmor - deps (high) (4): POSTPONED
[jjohansen] userspace policy matching, unpack exported dfas - libapparmor - deps (high) (4): POSTPONED
[jjohansen] userspace policy matching, - libapparmor unit tests - deps (high) (2): POSTPONED
[tyhicks] dbus daemon, use userspace match - dbus - deps libaparmor userspace match (high) (2): POSTPONED
[tyhicks] userspace policy caching, use policy change notifications - libapparmor (medium) (2): POSTPONED
[tyhicks] userspace policy caching, caching of previous queries - libapparmor (medium) (3): POSTPONED
[tyhicks] userspace policy caching - libapparmor unit tests - deps (medium) (2): POSTPONED
[tyhicks] kernel policy change monitoring interface (high) (5): POSTPONED
[tyhicks] dbus daemon, read from new kernel interface - dbus - deps kernel policy change interface (high) (4): POSTPONED
[tyhicks] dbus daemon, policy updates based on signal - dbus - deps kernel policy change interface (medium) (2): POSTPONED
[tyhicks] upstream - dbus daemon, update dbus hooks - dbus (medium) (2): POSTPONED
[jjohansen] dbus daemon - message data matching - dbus (medium) (4): POSTPONED
[tyhicks] dbus - upstream (medium) (15): POSTPONED
