[apparmor] [opensuse-project] Google Summer of Code'13 accepted student

Christian Boltz apparmor at cboltz.de
Thu May 30 18:31:31 UTC 2013 

Hello,

Am Donnerstag, 30. Mai 2013 schrieb Kshitij Gupta:
> I believe we can discuss project related specifics on personal mails
> and not clutter the mailing list. However, when we need reviews or
> ideas we can get to the mailing list. :-)

I'd prefer to have everything on the apparmor mailinglist. 
We might get more reviews or ideas (even on topics where we don't really 
expect them ;-) ) and also better and faster answers on questions 
because more people can answer them.

Besides that, I wouldn't call it "clutter the mailing list" ;-)

BTW: The mailinglist survived the last set of kernel patches (> 60 mails 
+ replies), so it will also survive GSoC ;-)

> 1) I'm on openSUSE 12.3 64-bit (x86_64) release. I'm actually looking
> forward to those bindings. (too see how much they're gonna save me ;-)

I sent you the packages with private mail some hours ago. Just install 
them and check what they provide ;-)  (Basically they are just a wrapper 
around libapparmor.)
(I hope the packages work with the AppArmor packages from openSUSE 12.3 
because my version is slightly newer - if something breaks, please tell 
me and you'll get the complete set of packages.)

If you have any questions about libapparmor or the python bindings, ask 
on the mailinglist - libapparmor is an area I personally don't really 
know.

> 2) From what I understand you wish to store the additions for existing
> profiles into the local/* . From the README, it seems  the directory
> was for that purpose (if I'm not mistaken). 

Correct - the only missing part is support in the utilities, which is 
now on your list of wanted features ;-)

Talking about feature ideas - it would be nice to have profile 
modification scriptable. I'm thinking about something like

    aa-$toolname --profile "/usr/sbin/httpd2-prefork"  \
        --addhat "vhost_foo"
    aa-$toolname --profile "/usr/sbin/httpd2-prefork//vhost_foo"  \
        --add '/home/foo/httpdocs/** r'

Can you add this to the "nice-to-have" list?

> At the time of saving a
> profile, the user can be presented with the same as an option for the
> same. Any other way you'd want it implemented?

A config option (change main profile / write to local / always ask) 
would be nice to avoid the user gets asked every time he runs logprof. 
This also implies a commandline switch for logprof to be able to 
override the config setting.

Maybe we should also have a way to set different defaults per profile. 
@John, Seth, Steve: do you think this is necessary? If yes, how would 
you implement it?


I noticed you created https://launchpad.net/~apparmor-profile-tools
I assume you want to use that as development place, right?
(and BTW, I changed the title from "dev" to "AppArmor profile tools" ;-)

@John: is it easily possible to move the code including version history 
to the apparmor repo later? I'd guess it is, but I'm not familiar enough 
with bzr...


Regards,

Christian Boltz
-- 
[scrolling with synaptics touchpad] I'm sorry, I couldn't realise
this feature automatically because of my sausage fingers :-D
[Tob Sch on https://bugzilla.novell.com/show_bug.cgi?id=168295]

More information about the AppArmor mailing list