Juju and AppArmor

Jamie Strandboge jamie at canonical.com
Thu Sep 29 18:42:06 UTC 2011


Hi!

Juju offers a wonderful opportunity to combine robust and easy
installations with the security benefits of AppArmor[1]. A big reason
why policy makers for any Mandatory Access Control (MAC) system like
AppArmor are unable to ship usable default policy is because people
are free to adjust paths for their applications in such a way that it
makes it difficult to have a general-purpose policy that is usable yet
still offers security benefits.

Juju solves this because it gives us the opportunity to do what we never
could with Debian packaging alone-- have predictable locations for
files. The charm makers have deep insight into how the application works
and where it is going to be installed and they can leverage this insight
to create useful AppArmor policy for their applications. For example,
someone uses the wordpress charm, and Juju does magic and out pops an
apache installation with mod-apparmor enabled along with a changehat
AppArmor policy for wordpress. Wordpress then runs in a confined
environment that is analogous to a sandbox in such a way that attacks
against wordpress are limited to only that which is allowed by the
policy.

For those unfamiliar with AppArmor[1], it is a very flexible technology
that can significantly improve the security of applications, has a
pretty low barrier to entry, works particularly well with isolating web
applications, and can work with various other technologies. A lot of
information can be found in the upstream documentation[2][3].

If people are interested, there is plenty of example policy for daemons
and other applications in Ubuntu[4]. To confine a web application,
install the libapache2-mod-apparmor package and read the top
of /etc/apparmor.d/usr.lib.apache2.mpm-prefork.apache2 and then you can
install the phpsysinfo package for an example policy that works with
mod-apparmor. 

While we can't really drive this, the Ubuntu Security team would be
happy to help people in any way we can. Feel free to discuss on the
ubuntu-hardened at lists.ubuntu.com mailing list or join us in
#ubuntu-security on Freenode.

Thanks and happy policy-making! :)

[1]https://wiki.ubuntu.com/AppArmor
[2]http://wiki.apparmor.net/index.php/Documentation
[3]http://wiki.apparmor.net/index.php/Documentation#How-to_and_Tutorials
[4]https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/AppArmorProfiles

-- 
Jamie Strandboge             | http://www.canonical.com
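
The changehat arrangement described in the message, sketched as an added example that is not part of the original post or of any charm. The hat name, the file name under apache2.d, and the /var/www/wordpress install path are assumptions standing in for whatever locations a charm would fix.

```apparmor
# Hypothetical file: /etc/apparmor.d/apache2.d/wordpress
# The Apache profile shipped with libapache2-mod-apparmor pulls in the
# apache2.d directory, so this hat becomes a child of that profile.
#
# Apache side (mod_apparmor directive), in the site configuration:
#   <Directory /var/www/wordpress>
#       AAHatName wordpress
#   </Directory>
# Requests under that directory are then served inside the hat below.

^wordpress {
  #include <abstractions/apache2-common>
  #include <abstractions/base>
  #include <abstractions/nameservice>
  # PHP abstraction as named on 2011-era Ubuntu releases.
  #include <abstractions/php5>

  # Application code: read-only, at the path the charm is assumed to use.
  /var/www/wordpress/ r,
  /var/www/wordpress/** r,

  # The only tree the application may write to.
  /var/www/wordpress/wp-content/uploads/ rw,
  /var/www/wordpress/wp-content/uploads/** rw,

  # Uploaded files must never be loaded as PHP; deny overrides the rw above.
  deny /var/www/wordpress/wp-content/uploads/**.php r,

  # Apache logs written while a request is handled in this hat.
  /var/log/apache2/access.log w,
  /var/log/apache2/error.log w,
}
```

Load it in complain mode first and review the resulting audit log entries before enforcing, since a real installation will need rules this sketch omits.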
