AppArmor mediation improvements
Improvements to AppArmor mediation for Ubuntu for the 14.10 cycle.
Blueprint information
- Status: Complete
- Approver: Marc Deslauriers
- Priority: Essential
- Drafter: Jamie Strandboge
- Direction: Approved
- Assignee: John Johansen
- Definition: Approved
- Series goal: Accepted for utopic
- Implementation:
- Milestone target:
- Started by: Jamie Strandboge
- Completed by: Jamie Strandboge
jdstrand: ipc mediation work carried over from https:/
2014-05-13> per jjohansen, fine-grained networking and environment filtering (see https:/
Work Items
Work items for ubuntu-14.05:
[jjohansen] backport signal/ptrace mediation to phablet kernels: DONE
Work items for ubuntu-14.06:
[jjohansen] deliver signal/ptrace mediation on phablet images: DONE
[jjohansen] ext. mediation, alt ns unix domain socket, labeling - kernel - deps labeling: DONE
[jjohansen] ext. mediation, alt ns unix domain socket, policy language - parser: DONE
[jjohansen] ext. mediation, alt ns unix domain socket - parser tests: DONE
[sbeattie] ext. mediation, alt ns unix domain socket - regression tests: DONE
[jjohansen] ext. mediation, netlink, address matching - kernel: DONE
[jjohansen] ext. mediation, netlink, profile language - parser: DONE
[jjohansen] ext. mediation, netlink - parser tests: POSTPONED
[jjohansen] ext. mediation, netlink - regression tests: POSTPONED
[sbeattie] ext. mediation, anonymous ipc (pipes, sock pairs, ..) mediate - kernel: DONE
[jjohansen] ext. mediation, anonymous ipc rules (sock pairs, ..) - parser: DONE
[jjohansen] ext. mediation, anonymous ipc rules (sock pairs, ..) - parser tests: DONE
[sbeattie] ext. mediation, anonymous ipc rules (sock pairs, ..) - regression tests: DONE
[tyhicks] fd passing and inheritance - regression tests (essential): DONE
Work items for ubuntu-14.07:
[jjohansen] fix bug #1329833 (precompiled policy shipped with an image is not working): DONE
Work items for ubuntu-14.10:
[jjohansen] fd passing and inheritance - revalidate files at ipc (essential): DONE
[jdstrand] verify policy for dbus, upstart and other abstract sockets: DONE
[sbeattie] ext. mediation, signal - update aa-logparser (???) (1): DONE
[sbeattie] ext. mediation, alt ns unix domain socket - update aa-logparse, including tests (???) (1): DONE
[jjohansen] ext. mediation, alt ns unix domain socket - documentation/man pages (0.5): DONE
[sbeattie] ext. mediation, netlink - update aa-logparser, including tests (???) (1): DONE
[jjohansen] ext. mediation, netlink - documentation/man pages (???) (0.5): DONE
[sbeattie] ext. mediation, ipc rules - update aa-logparser, including tests (???) (1): DONE
[jjohansen] ext. mediation, anonymous ipc (sock pairs, ..) - RFC/discussion (???) (1): DONE
[sbeattie] ext. mediation, anonymous ipc rules (sock pairs, ..) - update aa-logparser, including tests (???) (1): DONE
[sbeattie] ext. mediation, ptrace - aa-logparser, including tests (???) (1): DONE
[jdstrand] ext. mediation, anonymous ipc rules (pipes, sock pairs, ..) - documentation/man pages: DONE
Work items for later:
[jjohansen] ext. mediation, signal, use sids for interrupts - kernel (???) (2): POSTPONED
[sbeattie] ext. mediation, alt ns unix domain socket - userspace tools (???) (2): POSTPONED
[sbeattie] ext. mediation, alt ns unix domain socket - userspace tools unit tests (???) (1): POSTPONED
[jjohansen] ext. mediation, netlink - userspace tools (???) (2): POSTPONED
[sbeattie] ext. mediation, netlink - userspace tools unit tests (???) (1): POSTPONED
[jjohansen] ext. mediation, anonymous ipc (sock pairs, ..) - upstream (???) (1): POSTPONED
[jjohansen] ext. mediation, anonymous ipc rules (pipes, sock pairs, ..) - userspace tools (???) (2): POSTPONED
[jjohansen] ext. mediation, anonymous ipc rules (pipes, sock pairs, ..) - userspace tools unit tests (???) (1): POSTPONED
[jjohansen] fine grained network mediation ipv4: POSTPONED
[jjohansen] fine grained network mediation ipv6: POSTPONED
[jjohansen] improved environment filtering: POSTPONED