AppArmor information updated
Clint Byrum
clint at ubuntu.com
Thu Jan 12 10:03:03 UTC 2012
Just an FYI, I've tested the procedure for building an apparmor profile
and embedding it in a charm. Its quite an easy process, and results in
a webapp that can't perform any operations you haven't explicitly allowed.
Here is the basic information:
https://juju.ubuntu.com/AppArmor
And here is the change to the statusnet charm to use it:
https://code.launchpad.net/~clint-fewbar/charm/oneiric/statusnet/apparmor/+merge/88326
Note that the profile was almost entirely generated using aa-logprof,
with only one weird problem introduced during that process (it thought
we needed the libvirt/qemu abstraction which clearly we did not).
More information about the Juju
mailing list