AppArmor utils: rewrite more rule types into classesan invention by cboltz While the python-based AppArmor utils (aa-logprof etc.) are much easier to understand and maintain than the old perl code, there are still some terribly long functions like parseprofiledata() in aa.py that are not too easy to understand. Also, using hasher() (a recursive array) as storage can have some strange side effects. Another problem is that test coverage isn't too good, especially for the bigger functions. I already wrote the CapabilityRule and CapabilityRuleset classes (and also the BaseRule and BaseRuleset classes) some months ago, and changed the code to use those classes. This code is already in upstream bzr. |
Create working AppArmor profile for Chromium on openSUSE 13.2a project by thardeck I think AppArmor is a great tool to add an additional layer of security without much effort. While it is normally easy to create a profile for a simple server program it is much more complex in case of desktop applications. The most vulnerable desktop application is the browser so it would be great to have an AppArmor profile for it. |