Blueprint changed by Robbie Williamson: Whiteboard changed: Status: lightweight "first steps" work items identified. + + Work Items for precise-alpha-2: + [jdstrand] rewrite aa-complain and aa-enable/etc. in python and make sure they are installed in base installs: TODO Work Items: [clint-fewbar] document how to generate profiles from complain logs in charms: TODO [clint-fewbar] write helper scripts for charms to install/include charms easily: TODO [clint-fewbar] write an example profile embedded in a charm: TODO - [jdstrand] rewrite aa-complain and aa-enable/etc. in python and make sure they are installed in base installs: TODO + aa-logprof aa-genprof aa-complain, aa-enable, etc should be rewritten in python and in package with aa-status update charm-tools to generate apparmor templates (?) - can we get this from packages (like metadata description)? already part of charm review augment juju debug logs to include aa complaints (?) - helps generate profiles for charms - deploy charm in learning mode autodiscovery of complaints... set profiles on all ami's in ec2 in complain mode... mine this (anonymized somehow?) this might even be useful outside of the context of charms What about strengthening the container itself? as we move to containers everywhere (separate conversation) security team working to get apparmor stacking working for lxc containers Two problems: - profiles for services within the containers - containers themselves
-- Juju: Using AppArmor with Charms https://blueprints.launchpad.net/ubuntu/+spec/servercloud-p-juju-charm-apparmor-policies -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
