Juju and AppArmor
Gustavo Niemeyer
gustavo.niemeyer at canonical.com
Thu Sep 29 21:32:30 UTC 2011
Hey Jamie,
> Juju offers a wonderful opportunity to combine robust and easy
> installations with the security benefits of AppArmor[1]. A big reason
> why policy makers for any Mandatory Access Control (MAC) system like
(...)
> While we can't really drive this, the Ubuntu Security team would be
> happy to help people in any way we can. Feel free to discuss on the
> ubuntu-hardened at lists.ubuntu.com mailing list or join us in
> #ubuntu-security on Freenode.
This is a very neat idea indeed. We've been talking a lot about some
kind of enclosure with security purposes, but mostly around the idea
of containers for the individual units. We hope LXC will actually be
secure at some point, and it already does a reasonable job when the
user has no root access, but this is a lot less fine-grained than what
we could do with App Armor. I honestly hadn't thought about exploring
AppArmor more widely in this context, and it definitely feels like
something we should be experimenting with and encouraging people to be
using more often.
--
Gustavo Niemeyer
http://niemeyer.net
http://niemeyer.net/plus
http://niemeyer.net/twitter
http://niemeyer.net/blog
-- I never filed a patent.
More information about the Juju
mailing list