
The future of AppArmor

By Jake Edge
October 17, 2007

Late last month, Novell laid off the development team for the AppArmor security tool. AppArmor is widely deployed by SUSE Linux users to restrict programs from accessing things that they shouldn't. Novell intends to keep shipping AppArmor, while two other distributions are adding support for it, which makes this move a bit puzzling. Reasons are hard to come by when a "reduction in force" (a common euphemism for layoff) happens, but Novell did clearly indicate that they had no plans to stop using AppArmor as the "core security technology in SUSE Linux Enterprise."

When a project team is laid off, it is common for the team to lose interest in the project – go off to find other things to do – but that does not appear to be the case here. Some of the laid-off team members have formed Mercenary Linux to do AppArmor consulting. They intend to work with Novell and others to guide AppArmor through the kernel submission process, with the goal of getting merged into the mainline. There are some hurdles to clear before that can happen – if it does – but AppArmor does not have the look of a project being abandoned, at least yet.

AppArmor was originally a proprietary program, which Novell acquired in 2005 when they bought Immunix, the company that developed it. In January 2006, Novell released it under the GPL and in April of that year, submitted it as a patch for inclusion in the kernel. The reaction was rather unfavorable, with the main issue being the reliance on paths, rather than information stored in the filesystem inode, to determine security policy. The main advantage cited by AppArmor proponents is that it is much easier to understand and manage compared to SELinux, its main competitor in the Linux security module arena.
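To make the path-versus-inode distinction concrete, here is an added illustration (not code from the article, AppArmor, or SELinux) using two constructed toy policy models: one keyed on the name a program uses to open a file, the other keyed on the inode that name resolves to. The same object is reachable under two names via a hard link; the toy models are deliberately simplified and say nothing about the real AppArmor semantics, which also mediate link creation in profiles.

```python
import fnmatch
import os
import tempfile

# Constructed toy policies, not AppArmor or SELinux syntax. The point is the
# lookup key: a path rule matches the name used to open the file, while an
# inode/label rule matches the object that the name resolves to.

def path_allows(rules, path, mode):
    """Path-based check: any glob rule matching the name grants the mode."""
    return any(mode in modes for pat, modes in rules.items()
               if fnmatch.fnmatch(path, pat))

def inode_allows(labels, rules, path, mode):
    """Inode-based check: resolve the name to (dev, ino), then to its label."""
    st = os.stat(path)
    return mode in rules.get(labels.get((st.st_dev, st.st_ino)), set())

def compare_models():
    """Evaluate both models on one object reachable by two names."""
    with tempfile.TemporaryDirectory() as d:
        os.mkdir(os.path.join(d, "public"))
        secret = os.path.join(d, "secret")          # intended to be off-limits
        alias = os.path.join(d, "public", "copy")   # hard link: same inode
        with open(secret, "w") as f:
            f.write("constructed sample data\n")
        os.link(secret, alias)

        # Path policy: the confined program may read anything under public/.
        path_rules = {os.path.join(d, "public", "*"): {"r"}}
        # Label policy with the same intent, attached to objects, not names.
        st = os.stat(secret)
        labels = {(st.st_dev, st.st_ino): "secret_t"}
        label_rules = {"public_t": {"r"}, "secret_t": set()}

        return {
            "path_by_secret_name": path_allows(path_rules, secret, "r"),
            "path_by_public_name": path_allows(path_rules, alias, "r"),
            "inode_by_secret_name": inode_allows(labels, label_rules, secret, "r"),
            "inode_by_public_name": inode_allows(labels, label_rules, alias, "r"),
        }

if __name__ == "__main__":
    for name, allowed in compare_models().items():
        print(f"{name}: {'allow' if allowed else 'deny'}")
```

The path model's answer changes with the name used, while the inode model gives the same answer for both names; that difference is what the kernel reviewers were arguing about.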

AppArmor is included in SUSE Linux and has become popular, so much so that both Mandriva and Ubuntu are shipping it in their next releases. Because of that, Crispin Cowan, founder of Immunix and former AppArmor team lead at Novell, guesses that "by early 2008 a majority of all Linux users will have AppArmor running on their desktop."

After letting the developers go, Novell has no plans to stop shipping AppArmor according to Kevan Barney, senior public relations manager:

We remain committed to AppArmor as our application security solution inside SUSE Linux Enterprise. We have no plans to change to SELinux or another alternative technology, although we always reserve the right to evaluate market conditions to provide the maximum value to our customers.

AppArmor is shifting to an open source development model, where Novell will still be participating as part of the community. As Barney puts it:

[...] we partner with the community to provide a part of the innovation and testing efforts, which we complement with our own focused efforts and investments. Novell will continue its maintenance of the core kernel code and will continue in our efforts to move this upstream. We will also invest in key new features as driven by market need.

Cowan agrees that the project is moving away from a one-company model: "AppArmor is becoming a truly distributed open source project, and Mercenary Linux hopes to be the hub of that community." He and the other former team members who formed Mercenary Linux are poised to assist with AppArmor development:

We have an ongoing commitment to the community that we will work to fulfill - distribution vendors needing integration help, consulting firms looking for even better management tools, and bug fixes for the distributions that AppArmor is deployed in.

Both Novell and Mercenary will be pushing to get AppArmor into the kernel, with another patch submission from Novell expected soon. The impediments to getting those patches accepted are outlined by Cowan:

The barriers to acceptance are both technical and political. Technical is "the way you want to do something conflicts with the way I want to do something" and political is "... and mine is more important than yours" :-) An unfortunate resolution to that is a slugfest of whose really is more important, and an adroit solution is to find a way to achieve both that doesn't conflict. Developers at Novell and Mercenary are working on that latter path.

AppArmor provides some amount of protection against programs trying to access files or perform actions that they shouldn't. Just how much protection it provides is the subject of much debate. There are valid concerns that it papers over the complexities of securing Linux, providing a false sense of security, but it would appear that there is a clear path for it to be included in the kernel. After Linus Torvalds's recent pronouncement that the Linux Security Modules API would stay in the kernel, one potential barrier to AppArmor acceptance has fallen.

It remains to be seen if Novell, Mercenary, and the AppArmor community can work with the kernel hackers to resolve some outstanding issues. The path-based architecture of AppArmor, while contentious, is not likely to keep it out of the kernel. It has been a year and a half since the first submission, though; it will require a concerted effort to work through the process. With three distributions shipping it and minimal impact on those who do not enable it, it seems pretty unlikely that it will stay out forever.



The future of AppArmor

Posted Oct 18, 2007 14:14 UTC (Thu) by jengelh (guest, #33263)

> There are valid concerns that it papers over the complexities of securing Linux, providing a false sense of security.

You use SELinux and when you /think/ you've got your policy right (giving you a sense of security), there might still be something left that remained open because you could not find it in that not-papered-over complexity.

The future of AppArmor

Posted Oct 19, 2007 12:48 UTC (Fri) by t8m (guest, #31777)

I don't think so. As there are strictly only allow rules in the policy, so you are only adding actions which the restricted application can do, it is unlikely. On the other hand, it is one of the reasons why writing a policy is relatively hard and that SELinux tends to "break" apps. But that's a price for being correct and not oversimplifying security.


Copyright © 2007, Eklektix, Inc.
This article may be redistributed under the terms of the Creative Commons CC BY-SA 4.0 license
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds