[apparmor] GSoC proposal text v3
Jamie Strandboge
jamie at canonical.com
Tue Mar 12 13:57:03 UTC 2013
On 03/11/2013 09:48 PM, John Johansen wrote:
> Alright so we have a GSoC proposal (current text below), through opensuse
> and I would like to put a couple of potential revisions to a vote.
>
> 1. Allowing for the Go language as an implementation option. I did this
> to allow the student some options. But there are good arguments
> against it, like introducing a new language to the code base.
>

-1

> 2. Whether we should add C back in as a requirement and make the base
> library part be in C so it can be shared with the parser. And be
> integrated into the current libapparmor
>

+1

C as a library requirement seems fine and appropriate. I prefer dropping
Go and perl (though experience in perl is of course still desirable)
while keeping python.

It was decided some time ago that we would rewrite user facing tools in
python because it is fast enough, is widely used, and there is
proficiency with the most active AppArmor developers. pyunit is also
understood by the most active AppArmor developers. Following this, one
tool was already rewritten in python, 2 new ones written in python and
another being rewritten in python. Adding yet another language to the
source seems like the wrong choice since it introduces complexity, makes
maintenance harder, and limits code reuse between tools. Go in
particular could be painful since it is so new, it might be difficult
for distributions to integrate newly written tools. Furthermore, a
change of language should not be up to the GSoC participant, but rather
an active decision made by us. While I appreciate the desire to expand
our search so that we have a better chance of getting something, I would
argue that if we limit our scope to what we actually want, there is a
better chance the code will land. This is better for us and more
rewarding for the GSoC participant.

>
> Current text below
>
> -----------------------------
>
> AppArmor profile development tool
>
> Description: The AppArmor project is a MAC like security extension for
> Linux. Its policy is based around profiles that are used to define the
> set of permissions an application will be granted.
>
> The project goal is to implement a new smarter profile development tool,
> that is better at creating abstractions, and inter-profile policy analysis.
>
> The base part of the project will be to implement a library and basic tool
> using the library that can develop a profile from audit log files, and basic
> user interaction. This tool will replace the existing aa-logprof and
> aa-genprof tools, which are unmaintained and out of date.
>
> The remainder of the project will be to extend the base library and tool,
> in any of several possible directions
> * doing analysis on the interaction of rules within a profile as well as how
> profiles interact. This can be used to simplify rules, suggest
> simplifications or abstractions, and discover potential security holes in
> the provided policy.
> * doing static analysis on applications to extract possible rules and rule
> patterns. This can be used to preseed profile development by feeding
> the output into the base part of the project, and find program behavior
> that may not be discovered by standard execution on an application.
> * creating a tool to merge multiple profiles together. Working similar
> to logprof, but using profiles instead of a log as input.
> * developing a better interface that will aid the user in being able to find
> abstractions, and analyze inter-profile behavior.
> * update the existing YaST module to interface with the new profile development
> tool.
>
> Required knowledge: Python or Go,
> Helpful knowledge: C and Perl as some components are written in these languages
> YCP (if the student decides to update the YaST module as part
> of dependent on implementation route), some knowledge of Perl
> would be good but is not required
>
> Skill Level: Intermediate - Hard (depends on implementation route)
>
> Mentors: John Johansen, Christian Boltz
>
> Student:
>
>
--
Jamie Strandboge http://www.ubuntu.com/