Hello AppArmor community, We are a few developers for SROS, a project geared towards securing the Robotic Operating System [1]. We’d like to inquire about some of the inner workings of ApprArmor’s utils python library [2] for several aspects: security event logging, policy profile syntax parsing, and logprof/genprof CLI tools.
Currently we are in the stages of prototyping levels of access control for the computation graph in ROS. Distributed communication between nodes in the graph are done through exchanges via message topics, services, and parameters within a namespace reference frame. To control access within the graph, i.e. which nodes can - publish/subscribe to a topic - advertise/call a service - read/write a parameter We are currently developing features to enable ROS users to specify these policies into the underlying protocol. In addition we’d like to make it simple to generate policies via learning by demonstration or auditing logged events, as well as provide a simple set of CLI tools much like apparmor has now for amending policies. To do this, we’d like to see what amount of apparmor utility code could be reused, what sections of the code base may be most applicable, and perhaps if any common core functions could be shared. We'd like the idea of code reuse here, as there is much security policy oriented features, syntax, and unittests we would like to mirror for our own middleware for robotic systems. So if you’d be willing, we’d like to start a dialogue and find what we can learn from your community. Thank you, Ruffin White and Gianluca Caiazza [1] http://www.ros.org/ [2] http://bazaar.launchpad.net/~apparmor-dev/apparmor/2.10/file s/head:/utils/ P.S. I suppose it's been a while, but a couple months ago we sent out audit request for our AppArmor profile for ROS. I believe the audit is still open for for suggestions and recommendations, your feedback and expertise is really appreciated. https://lists.ubuntu.com/archives/apparmor/2016-June/009785.html https://github.com/ros-infrastructure/apparmor_profiles/issues/1
-- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
