Juju and AppArmor

Jamie Strandboge jamie at canonical.com
Mon Oct 3 14:06:04 UTC 2011


On Thu, 2011-09-29 at 18:32 -0300, Gustavo Niemeyer wrote:
> Hey Jamie,
> 
> > Juju offers a wonderful opportunity to combine robust and easy
> > installations with the security benefits of AppArmor[1]. A big reason
> > why policy makers for any Mandatory Access Control (MAC) system like
> (...)
> > While we can't really drive this, the Ubuntu Security team would be
> > happy to help people in any way we can. Feel free to discuss on the
> > ubuntu-hardened at lists.ubuntu.com mailing list or join us in
> > #ubuntu-security on Freenode.
> 
> This is a very neat idea indeed. We've been talking a lot about some
> kind of enclosure with security purposes, but mostly around the idea
> of containers for the individual units. We hope LXC will actually be
> secure at some point, and it already does a reasonable job when the
> user has no root access, but this is a lot less fine-grained than what
> we could do with App Armor. I honestly hadn't thought about exploring
> AppArmor more widely in this context, and it definitely feels like
> something we should be experimenting with and encouraging people to be
> using more often.
> 
FYI, AppArmor is root strong and can be used in combination with
containers.

-- 
Jamie Strandboge             | http://www.canonical.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part
URL: <https://lists.ubuntu.com/archives/juju/attachments/20111003/a6e321ca/attachment.pgp>


More information about the Juju mailing list