AppArmor: it's baaaaaaack

The AppArmor security module has had a difficult life - even considering that security modules tend to have a hard path into the mainline in general. Its pathname-based approach concerned numerous developers, and its implementation caused the net to echo with NACKs. Eventually, its core developers lost their jobs and moved on to other pursuits, some distributors lost interest, and AppArmor disappeared from view. Meanwhile, the pathname-based TOMOYO Linux module managed to overcome the hurdles and get into the mainline.

Speaking at LinuxCon, your editor stated that he did not know if AppArmor would come back or not. The next day, a new set of AppArmor patches was posted by John Johansen. Interestingly, John works at Canonical, so AppArmor, should it get into the mainline, could well become one of that company's largest contributions to the kernel. Its chances of merger should be better now; TOMOYO Linux has broken down the barriers to pathname-based mandatory access control, and AppArmor uses the new security module hooks which were added to support TOMOYO. As of this writing, though, there have been no reviews posted, so anything could still happen.



AppArmor: it's baaaaaaack

Posted Sep 24, 2009 6:13 UTC (Thu) by branden (subscriber, #7029) [Link]

Is that Jon Johansen as in deCSS, or John Johansen as in...somebody else?

AppArmor: it's baaaaaaack

Posted Sep 24, 2009 7:22 UTC (Thu) by elanthis (guest, #6227) [Link]

You answered your own question. They're two different names, and two different people.

AppArmor: it's baaaaaaack

Posted Sep 25, 2009 18:10 UTC (Fri) by branden (subscriber, #7029) [Link]

My name gets misspelled all the time, so I wanted to be sure.

AppArmor: it's baaaaaaack

Posted Sep 24, 2009 6:43 UTC (Thu) by arjan (subscriber, #36785) [Link]

you should have known.
the yearly apparmor-to-lkml posting tends to be 3 weeks before kernel summit...

the conspiracy theorist in me says that this is on purpose to be able to claim at KS that they are relevant. But that's of course bogus, there must be some other argument ;-)

AppArmor: it's baaaaaaack

Posted Sep 24, 2009 8:08 UTC (Thu) by smurf (subscriber, #17840) [Link]

"It's" → "Its". Sigh.

AppArmor: it's baaaaaaack

Posted Sep 25, 2009 2:29 UTC (Fri) by knobunc (subscriber, #4678) [Link]

In the topic title? No... it's is correct. "It's" is a contraction of "it is", so since the topic is "AppArmor: it is baaaaaaaack" that is correct. "Its" is possessive, so would mean the article was about the back of AppArmor.

-ben

AppArmor: it's baaaaaaack

Posted Sep 25, 2009 3:34 UTC (Fri) by smurf (subscriber, #17840) [Link]

No, not in the title -- sorry, should have clarified that.

The error is in the sentence "It's pathname-based approach …".

AppArmor: it's baaaaaaack

Posted Sep 25, 2009 13:24 UTC (Fri) by knobunc (subscriber, #4678) [Link]

Ah. Sorry!!

AppArmor: it's baaaaaaack

Posted Sep 24, 2009 9:53 UTC (Thu) by Trou.fr (subscriber, #26289) [Link]

Speaking of TOMOYO, I still haven't seen any decent review or guide. Maybe our great editor could enlighten us?

AppArmor: it's baaaaaaack

Posted Dec 9, 2009 7:07 UTC (Wed) by haradats (guest, #44782) [Link]

Trou.fr,

>Speaking of TOMOYO, I still haven't seen any decent review or guide. Maybe our great editor could enlighten us?

Sorry I'm late (as always).

If you mean introductory documentation by the word "guide",
please be advised to try TOMOYO Linux LiveCD. TOMOYO Linux LiveCD
means "LiveCD with TOMOYO Linux enabled kernel" and
Ubuntu 9.10 and CentOS 5.4 versions are available.

http://tomoyo.sourceforge.jp/wiki-e/?TomoyoLive#z3329686

If you are busy and have no time to try LiveCD,
LiveCD tutorial pages might help.

http://tomoyo.sourceforge.jp/1.7/1st-step/ubuntu9.10-live...
http://tomoyo.sourceforge.jp/1.7/1st-step/centos5-live/in...

If you are deadly tired and don't want to read characters,
don't worry you can see demonstration videos on YouTube.

http://www.youtube.com/watch?v=OjgBRDa53M8 (Ubuntu)
http://www.youtube.com/watch?v=EZRUUGD8iVs (CentOS)

If you still have problems, please let me know.

AppArmor: it's baaaaaaack

Posted Sep 24, 2009 11:18 UTC (Thu) by ikm (subscriber, #493) [Link]

On an offtopic note, are these smaller articles a replacement for the "In Brief" section, or are those two completely independent?

In brief

Posted Sep 24, 2009 14:24 UTC (Thu) by corbet (editor, #1) [Link]

Yes, "in brief" has been turned into its own section, with the separate articles split out. Content is pretty much the same, just formatted in a way which (we think) is better.

In brief

Posted Sep 27, 2009 12:01 UTC (Sun) by man_ls (subscriber, #15091) [Link]

It is far better. Comments are more on-topic now (even if this particular item has a lot of off-topics).

did it make it into 2.6.32?

Posted Sep 28, 2009 9:15 UTC (Mon) by dlang (✭ supporter ✭, #313) [Link]

I don't see a mention of it in the -rc1 release notes. Did it get picked up, or was a reason given for it not getting picked up?

did it make it into 2.6.32?

Posted Sep 28, 2009 9:30 UTC (Mon) by corbet (editor, #1) [Link]

It was never really proposed for 2.6.32. The code has seen significant changes and will certainly need review; there was no time for that in this cycle, even if changes are not needed.

Copyright © 2009, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds