Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1757718Ab0GOAnx (ORCPT ); Wed, 14 Jul 2010 20:43:53 -0400 Received: from adelie.canonical.com ([91.189.90.139]:56749 "EHLO adelie.canonical.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1756851Ab0GOAnv (ORCPT ); Wed, 14 Jul 2010 20:43:51 -0400 From: John Johansen To: linux-kernel@vger.kernel.org Cc: linux-security-module@vger.kernel.org Subject: [AppArmor #5 0/13] AppArmor security module Date: Wed, 14 Jul 2010 17:43:28 -0700 Message-Id: <1279154621-25868-1-git-send-email-john.johansen@canonical.com> X-Mailer: git-send-email 1.7.0.4 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 2270 Lines: 50 This is the fifth general posting of the newest version of the AppArmor security module it has been rewritten to use the security_path hooks instead of the previous vfs approach. The current implementation is aimed at being as semantically close to previous versions of AppArmor as possible while using the existing LSM infrastructure. Development is on going and improvements to file, capability, network, resource usage and ipc mediation are planned. With this submission we believe AppArmor is ready for inclusion into the kernel. _Issues NOT specifically addressed_ * The d_namespace_path function still manually strips the " (deleted)" string that __d_path appends. A fix to __d_path is being pursued independently of the AppArmor submission. _Issues Addressed Since Last Time AppArmor was Posted_ * AppArmor auditing has been converted to use lsm_audit as suggested by Eric Paris in http://marc.info/?l=linux-security-module&m=125778105017307&w=2 * The user space interface CONFIG_APPARMOR_COMPAT_24 has not been removed, as the replacement interface isn't ready yet. It will become a separate patch that distros can carry to provide backwards compatibility. * AppArmor's old network mediation has been removed and moved into the compatibility patch. The new network mediation routines will be submitted for review separate for the AppArmor base. * all issues raised from last posting should be addressed. * The code has seen more cleanup removing dead code. eg. // as null transition * Several bug fixes have been applied A Detailed list of all changes and patches are available from the AppArmor git repository The AppArmor project has recently transitioned away from Novell forge. Code and Documentation can be found at the following locations * Mailing List - apparmor@lists.ubuntu.com * Documentation (wip) - http://apparmor.wiki.kernel.org/ * User space tools - https://launchpad.net/apparmor * Kernel module - git://git.kernel.org/pub/scm/linux/kernel/git/jj/apparmor-dev.git -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/