Juju charm security

Registered by Marc Deslauriers

Discuss ways to improve charm security and security processes.

Blueprint information

Status:
Not started
Approver:
Jamie Strandboge
Priority:
Essential
Drafter:
Jamie Strandboge
Direction:
Approved
Assignee:
Jamie Strandboge
Definition:
Approved
Series goal:
Accepted for raring
Implementation:
Unknown
Milestone target:
milestone icon ubuntu-13.04

Related branches

Sprints

Whiteboard

Charm security and update process
 * Juju features to watch:
   - Adding arbitrary actions (for applying security updates)
   - "security" tagged bugs in juju and juju-core launchpad project
 * Ideas for improvement:
  - Review points for preventing security bugs
  - Static analysis for preventing security bugs (charm proof)
  - Better tools and docs for applying apparmor

Charms with AppArmor
 * what is the current statue?
 * what could be done better?
 * would it help if the security team could produce a representative charm or two for charming with apparmor?
 * unattended-upgrades charm?

From etherpad (http://summit.ubuntu.com/uds-r/meeting/21156/security-r-juju-charms/):
example: http://jujucharms.com/security-notices/jcsn/jcsn-001
juju/security tag: https://bugs.launchpad.net/juju/+bugs?field.tag=security
Charm security and update process
 * Juju features to watch:
   - Adding arbitrary actions (for applying security updates) - this is for updating deployed software (not the charm itself)
   - "security" tagged bugs in juju and juju-core launchpad project
 * Ideas for improvement:
  - Review points for preventing security bugs
  - Static analysis for preventing security bugs (charm proof)
    * charm proof captures known problems
    * it could have a pedantic mode that warns for red flags
  - Better tools and docs for applying apparmor
   * currently people aren't doing this
   * juju team is pushing for more knowledge
Charms with AppArmor
 * what is the current status?
 * what could be done better?
 * would it help if the security team could produce a representative charm or two for charming with apparmor?
 * unattended-upgrades charm?
 * Juju bootstrap should generate ssh host keys locally, push them to the instances, load them automatically into a local known_hosts.juju file, and prune them on destroying the environment
  - juju team has a plan (needs to be in core), but needs time to do it
  - a branch is available
  * Juju should inject a random seed via metadata for each instance launched

Possible demo charms:
 * unattended-upgrades
 * samba
 * backend/infrastracture one (rabbitmq)

Unassigned work items:
[charmers] some sort of command for 'are there upgrades available for this charm' (over the charms in an environment)
[security] maybe demo charm for samba?
[] recover ssh key handling from bitrot, attach it to a bug lp:~jimbaker/juju/ssh-known_hosts; https://bugs.launchpad.net/juju/+bug/802117; https://lists.ubuntu.com/archives/juju/2011-November/001034.html
[security] comment on bug for ssh key handling
[] push high entropy seed from client as part of cloud-init medata

(?)

Work Items

Work items:
[seth-arnold] unattended upgrades charm (essential) (2): DONE
[jorge] formally document juju/charms security process: TODO
[jdstrand] review process and review the security notices page (essential) (1): POSTPONED
[jdstrand] discuss charm proof additions (essential) (3) : POSTPONED
[jdstrand] get information to the juju team on how to use AppArmor (essential) (2): POSTPONED
[jdstrand] charm for moin (essential) (3): POSTPONED
[sbeattie] look at apache non-prefork (essential) (1): POSTPONED
[seth-arnold] charm for samba (essential) (5): POSTPONED
[seth-arnold] charm for backend/infrastructure one (essential) (5): POSTPONED
[seth-arnold] review juju.ubuntu.com/apparmor (essential) (0.5): TODO