Improve AppArmor policy load

Registered by Jamie Strandboge on 2014-05-02

Improve AppArmor policy load in Ubuntu

Blueprint information

Status: Complete
Approver: Marc Deslauriers
Priority: Undefined
Drafter: Jamie Strandboge
Direction: Approved
Assignee: None
Definition: Approved
Series goal: Accepted for utopic
Implementation: Implemented
Milestone target: ubuntu-14.08
Started by: Jamie Strandboge on 2014-08-15
Completed by: Jamie Strandboge on 2014-10-23


Whiteboard

jdstrand> this needs more fleshing out: e.g., systemd integration, split up kernel postinst work item into smaller chunks, parser into a library (systemd)


Work Items

Work items for ubuntu-14.05:
[seth-arnold] Discuss apparmor profile load strategy: DONE
[mdeslaur] investigate/benchmark/bootchart converting apparmor to an upstart job (before lightdm/other login managers, console, sysv scripts): DONE

Work items for ubuntu-14.06:
[mdeslaur] convert apparmor to use upstart job: DONE

Work items for ubuntu-14.07:
[jjohansen] prototype parser to generate multiple versioned apparmor cache files: DONE
[tyhicks] upstream jj's parser patches for multiple versioned apparmor cache files: POSTPONED
[tyhicks] determine proper directory structure for versioned apparmor cache files: POSTPONED
[tyhicks] implement kernel postinst policy compiles: POSTPONED
[tyhicks] implement hook to clean up cache files on kernel uninstall: POSTPONED

Work items for later:
[tyhicks] create minimal library for cached profile loading in systemd/upstart: POSTPONED
[tyhicks] write systemd patch to load cached profiles at startup: POSTPONED
[tyhicks] submit systemd apparmor cache load patch upstream: POSTPONED
[mdeslaur] write upstart patch to load cached profiles at startup: POSTPONED
[tyhicks] write second-stage systemd unit for apparmor: POSTPONED
[tyhicks] review systemd profile switch functionality: POSTPONED
[tyhicks] modify (if necessary) systemd profile switch functionality: POSTPONED
[tyhicks] submit systemd profile switch patch upstream: POSTPONED
[mdeslaur] decide how to fix upgrade failures on apparmor policy load: POSTPONED
[mdeslaur] revert upstart distro patch to fail open on policy load: POSTPONED
[jjohansen] drive apparmor policy versioning to completion: POSTPONED
[tyhicks] update apparmor_parser to add v3 open rules to v2 policy: POSTPONED
