[apparmor] [opensuse-project] Google Summer of Code'13 accepted student
john.johansen at canonical.com
Tue Jun 4 23:47:54 UTC 2013
On 06/04/2013 04:21 PM, Christian Boltz wrote:
> Am Mittwoch, 5. Juni 2013 schrieb Kshitij Gupta:
>> @John thanks confirming the account. Also I studied the documentation
>> for the configprofiler and I find it perfectly suitable for
>> manipulating the config files. I can quite easily write a new may
>> module using this library.
> Or you use it directly if it does what you need.
> There's nothing wrong with wrappers, but if you don't need one, don't
> write one ;-)
>> While I was thinking of setting up a page for the purpose I came
>> across this [wiki.apparmor.net/index.php/DevelopmentRoadmap#Tools]. I
>> see quite a lot of things on the roadmap, but the question is if the
>> page is up-to-date or not.
> I'm afraid the only wiki page that is really up to date is the page
> about IRC meetings ;-)
Sadly this is true, some parts are more up to date than others, if you
aren't sure about something just ask.
> From reading the roadmap page, I see that for example "sandbox
> generation tool" is somewhat outdated - at least the "basic profile
> setup" part is covered by aa-easyprof.
well actually aa-sandbox covers more of that, but aa-easyprof is part
of the solution
aa-exec - is a tool to launch an application confined by a specific
aa-easyprof - is a templating tool that provides the ability to
generate a profile from a template.
aa-sandbox - is a sandbox setup tool, which will use existing or
dynamically generated profiles.
>> In the roadmap (under Tools) I see things
>> like profile merge tool (one of the things we intend to do), new
>> learning tools, basic profile setup, split into separate tools (not
>> sure if the latter is a thing I am supposed to do),etc.
> "split into separate tools" is listed for the parser (apparmor_parser
> binary, which (simplified summary) reads the profiles and loads them
> into the kernel).
> That's different from the profile generation tools, and therefore not an
> area you'll be working on. (Nevertheless, if you notice an issue with
> it, a bugreport or a patch is always welcome.)
Right the plan has been to split the parser into a couple of libraries
and a few separate tools.
aa-compiler - only does policy compilation
aa-loader - handles loading
apparmor_parser - current tool as wrapper around the compiler and loader
While it would be nice if we had the parsing front end split out so you
could just plug-in to that for the profile development tool we don't
>> So, I believe
>> this can be a starting point and hence based on these and additional
>> ideas for the roadmap I can setup a wikipage for it.
> I have a feeling that your GSoC proposal is better, more detailed and
> more up-to-date than the roadmap page - you should probably copy it to
> the wiki (on a new page) so that additional ideas can be included.
think of the road map page as a place to crib ideas from. Its just not
up to date
>> @Christian, I think you might have skipped a mail in between. If you
>> could take out some time I'd like some code review before I step
>> ahead into other tools. :)
> I skipped that mail because John's reply covered it completely.
> I also reviewed the code, but my reply would have been very similar to
> what John wrote. Writing the same stuff is also known as superfluous ;-)
>> Also I suppose we should setup a schedule for interacting, like I
>> understand that you take breathers during weekends. Maybe we can come
>> up on a weekly schedule when we'll be present on IRC so we or anybody
>> else can interact.
> Weekly meetings are a good idea - we just need to find a good time (see
> BTW: openSUSE also has a tradition to have short weekly reports as blog
> post and/or sent to the mailinglist. It would be nice if you can also do
> that. (The mails should go to the apparmor and the opensuse-project
> Back to IRC - the best thing would be to "always" join the #apparmor IRC
> channel. There's no need to keep the IRC client active while you are
> sleeping ;-) but it's a good idea to have the IRC client automatically
> starting and joining the #apparmor channel when you login on your
> This doesn't mean we have to do daily meetings, but if you have
> questions, you'll usually get a fast answer on IRC.
> I'm usually online in the evenings (CET timezone) - something like 17:00
> UTC to 23:00 UTC. Often I'm also online on the weekend, but sometimes
> (not only on weekends) real life brings some more important stuff ;-)
> John is usually available at work hours (in USA), which roughly
> translates to CET late afternoon until very late ;-) evening.
The best way to see if I am online is to just ping me, my hours are
> Does this match the time when you are typically near your computer?
> If yes, just regularly join the #apparmor channel.
> Nevertheless, wel should find a good time for regular (weekly?)
> BTW: The next meeting is already scheduled for next tuesday.
yes and that would be a good place to catch up for next week.
More information about the AppArmor