[ubuntu-hardened] AppArmor for Ubuntu

Crispin Cowan crispin at novell.com
Wed Feb 22 16:19:58 GMT 2006

Hi. I'm the founder of Immunix, and lead architect for AppArmor
<http://en.opensuse.org/Apparmor>. Since Novell open sourced AppArmor
last month, I have been out trying to help people start using it, even
on other distros. I was very pleased to see someone port AppArmor to
Slackware <http://danieldk.org/apparmor//> and would like to help port
it to Ubuntu. Since Ubuntu has a very strong ease-of-use theme, AppArmor
for Ubuntu should be a very strong fit.

So I start googling, and come across this thread that is all of 4 days
and this is my attempt to reply to posts I don't have in my mailbox :)

Magnus Runesson wrote:
> When Novell released Apparmor I read about it and it seems much easier
> to configure and manage. For you that have not heard about it, take a
> look at: http://en.opensuse.org/Apparmor
> For a while we had have plans at my work to hardening all our server
> applications with SELinux, but gave up. It was to hard. We have no
> started considering giving Apparmor a try, since we think that may be
> possible.
> From my point of you it is important that security mechanisms are pretty/
> /transparent for the users, and easy to manage for the administrators.
That is exactly the point of AppArmor's design: to provide security,
while being completely transparent to applications, and very easy for
users to configure. My portable AppArmor demo is to create an
application profile for Apache while you watch, taking about 3 minutes.
That's a week's work with SELinux.

Does this idea sound interesting to the Hardened Ubuntu community?

For people in Europe who would like to know more, I will be presenting a
talk on AppArmor this weekend at FOSDEM <http://www.fosdem.org/2006>.
The schedule says the talk is Sunday at 14h00.

Crispin Cowan, Ph.D.                      http://crispincowan.com/~crispin/
Director of Software Engineering, Novell  http://novell.com
	Olympic Games: The Bi-Annual Festival of Corruption

More information about the ubuntu-hardened mailing list