[apparmor] [opensuse-project] Google Summer of Code'13 accepted student

John Johansen john.johansen at canonical.com
Tue Jun 4 23:47:54 UTC 2013

On 06/04/2013 04:21 PM, Christian Boltz wrote:
> Hello,
> Am Mittwoch, 5. Juni 2013 schrieb Kshitij Gupta:
>> @John thanks confirming the account. Also I studied the documentation
>> for the configprofiler and I find it perfectly suitable for
>> manipulating the config files. I can quite easily write a new may
>> module using this library.
> Or you use it directly if it does what you need.
> There's nothing wrong with wrappers, but if you don't need one, don't 
> write one ;-)
>> While I was thinking of setting up a page for the purpose I came
>> across this [wiki.apparmor.net/index.php/DevelopmentRoadmap#Tools]. I
>> see quite a lot of things on the roadmap, but the question is if the
>> page is up-to-date or not. 
> I'm afraid the only wiki page that is really up to date is the page 
> about IRC meetings ;-)
Sadly this is true, some parts are more up to date than others, if you
aren't sure about something just ask.

> From reading the roadmap page, I see that for example "sandbox 
> generation tool" is somewhat outdated - at least the "basic profile 
> setup" part is covered by aa-easyprof.
well actually aa-sandbox covers more of that, but aa-easyprof is part
of the solution

aa-exec - is a tool to launch an application confined by a specific

aa-easyprof - is a templating tool that provides the ability to
  generate a profile from a template.

aa-sandbox - is a sandbox setup tool, which will use existing or
  dynamically generated profiles.

>> In the roadmap (under Tools) I see things
>> like profile merge tool (one of the things we intend to do), new
>> learning tools, basic profile setup, split into separate tools (not
>> sure if the latter is a thing I am supposed to do),etc. 
> "split into separate tools" is listed for the parser (apparmor_parser 
> binary, which (simplified summary) reads the profiles and loads them 
> into the kernel). 
> That's different from the profile generation tools, and therefore not an 
> area you'll be working on. (Nevertheless, if you notice an issue with 
> it, a bugreport or a patch is always welcome.)
Right the plan has been to split the parser into a couple of libraries
and a few separate tools.

aa-compiler - only does policy compilation
aa-loader - handles loading

apparmor_parser - current tool as wrapper around the compiler and loader

While it would be nice if we had the parsing front end split out so you
could just plug-in to that for the profile development tool we don't

>> So, I believe
>> this can be a starting point and hence based on these and additional
>> ideas for the roadmap I can setup a wikipage for it.
> I have a feeling that your GSoC proposal is better, more detailed and 
> more up-to-date than the roadmap page - you should probably copy it to 
> the wiki (on a new page) so that additional ideas can be included.
think of the road map page as a place to crib ideas from. Its just not
up to date

>> @Christian, I think you might have skipped a mail in between. If you
>> could take out some time I'd like some code review before I step
>> ahead into other tools. :)
> I skipped that mail because John's reply covered it completely. 
> I also reviewed the code, but my reply would have been very similar to 
> what John wrote. Writing the same stuff is also known as superfluous ;-)
>> Also I suppose we should setup a schedule for interacting, like I
>> understand that you take breathers during weekends. Maybe we can come
>> up on a weekly schedule when we'll be present on IRC so we or anybody
>> else can interact.
> Weekly meetings are a good idea - we just need to find a good time (see 
> below).
> BTW: openSUSE also has a tradition to have short weekly reports as blog 
> post and/or sent to the mailinglist. It would be nice if you can also do 
> that. (The mails should go to the apparmor and the opensuse-project 
> mailinglists.)
> Back to IRC - the best thing would be to "always" join the #apparmor IRC 
> channel. There's no need to keep the IRC client active while you are 
> sleeping ;-) but it's a good idea to have the IRC client automatically 
> starting and joining the #apparmor channel when you login on your 
> computer.
> This doesn't mean we have to do daily meetings, but if you have 
> questions, you'll usually get a fast answer on IRC.
> I'm usually online in the evenings (CET timezone) - something like 17:00 
> UTC to 23:00 UTC. Often I'm also online on the weekend, but sometimes 
> (not only on weekends) real life brings some more important stuff ;-)
> John is usually available at work hours (in USA), which roughly 
> translates to CET late afternoon until very late ;-) evening.
The best way to see if I am online is to just ping me, my hours are

> Does this match the time when you are typically near your computer?
> If yes, just regularly join the #apparmor channel.
> Nevertheless, wel should find a good time for regular (weekly?) 
> meetings.
> BTW: The next meeting is already scheduled for next tuesday.
> http://wiki.apparmor.net/index.php/MeetingAgenda
yes and that would be a good place to catch up for next week.

More information about the AppArmor mailing list