AppArmor information updated
clint at ubuntu.com
Thu Jan 12 10:03:03 UTC 2012
Just an FYI, I've tested the procedure for building an apparmor profile
and embedding it in a charm. Its quite an easy process, and results in
a webapp that can't perform any operations you haven't explicitly allowed.
Here is the basic information:
And here is the change to the statusnet charm to use it:
Note that the profile was almost entirely generated using aa-logprof,
with only one weird problem introduced during that process (it thought
we needed the libvirt/qemu abstraction which clearly we did not).
More information about the Juju