... | ... | @@ -30,7 +30,7 @@ For a list of improvements and extensions to AppArmor see the [development roadm |
|
|
- [ ] allow all,
|
|
|
- [ ] compiler
|
|
|
- [ ] intersection of kernel abi and specified abi
|
|
|
- [ ] document abi priotity
|
|
|
- [ ] document abi priority
|
|
|
- [ ] when does policy abi override, compiler specified abi, vs defaulting to kernel abi
|
|
|
- [ ] cleanup warnings
|
|
|
- [ ] abi
|
... | ... | @@ -101,7 +101,7 @@ graph TD |
|
|
PrefixPolicy --> ParserPrefix[Prefix support in Parser]
|
|
|
PrefixPolicy --> UtilsPrefix[Prefix support in Utils]
|
|
|
PrefixPolicy --> MovePermPack
|
|
|
AuditEventQueue -->AuditRecordReroute[Reroute events from Audit to Prompt subsystem]
|
|
|
AuditEventQueue --> AuditRecordReroute[Reroute events from Audit to Prompt subsystem]
|
|
|
KernelWork --> AuditDeDup[Dedup audit records]
|
|
|
AuditRecordReroute --> AuditCache[Caching of Audit records]
|
|
|
AuditCache --> AuditObject[Audit Record allocation]
|
... | ... | @@ -178,7 +178,7 @@ Most work items cover more than one section of the stack, however there are seve |
|
|
- [ ] Fix mediation to do single path name lookup and share across label iterator
|
|
|
- [ ] task based debug flags
|
|
|
- [ ] rework debug messages into multiple classes, so we can selectively turn on/off debug output
|
|
|
- [ ] virtualize remaining interfaces to policy namespace <br> _requires: ? _<br>_required by: containers, application policy, unpriviliged user policy_
|
|
|
- [ ] virtualize remaining interfaces to policy namespace <br> _requires: ? _<br>_required by: containers, application policy, unprivileged user policy_
|
|
|
- [ ] split scope & view in code <br> _requires: ?_ <br>_required by: containers, application policy, unprivileged user policy_
|
|
|
- [ ] rename fns etc to scope, view or ns
|
|
|
- [ ] implement scope & view functionality
|
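Review bot: on the changed "virtualize remaining interfaces to policy namespace" line, the first emphasis span is still written `_requires: ? _`, with a space before the closing underscore, so that underscore is unlikely to close the emphasis when rendered. The following "split scope & view in code" item writes it as `_requires: ?_ <br>`. Since this line is already being edited for the "unprivileged" spelling, suggest moving the space outside the underscore here too.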
... | ... | @@ -653,7 +653,7 @@ Parser |
|
|
- compiled struct matching
|
|
|
- compiled struct compression
|
|
|
|
|
|
##### Compatability
|
|
|
##### Compatibility
|
|
|
|
|
|
- check for newer kernel version
|
|
|
- output new split dfa, permission format
|
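Review bot: the heading rename from `##### Compatability` to `##### Compatibility` also changes the anchor generated from that heading, so any link that targets the old misspelled fragment will stop resolving. Suggest searching the wiki for references to the old anchor and updating them as part of this change.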
... | ... | @@ -833,7 +833,7 @@ test suites |
|
|
- better way to share/reuse test for conditionals
|
|
|
- load/remove/replace tests
|
|
|
- namespace create/remove tests
|
|
|
- break tests into different catagories and directories
|
|
|
- break tests into different categories and directories
|
|
|
- provide easier access to different sets of tests to run subsets
|
|
|
- procattr read expected value tests
|
|
|
- supported interface version tests
|
... | ... | @@ -876,7 +876,7 @@ test suites |
|
|
|
|
|
#### stress tests
|
|
|
|
|
|
- fix existing broken tests and reenable
|
|
|
- fix existing broken tests and re-enable
|
|
|
- leak tests
|
|
|
- add structure to tests
|
|
|
|
... | ... | @@ -923,7 +923,7 @@ Documentation |
|
|
|
|
|
- add to wiki
|
|
|
|
|
|
### comparisions
|
|
|
### Comparisons
|
|
|
|
|
|
- comparisons to other security projects
|
|
|
- weaknesses and advantages
|
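Review bot: the heading line changes capitalization as well as spelling (`### comparisions` becomes `### Comparisons`), while the `#### stress tests` heading shown in the previous hunk stays lowercase. If the page's convention is lowercase headings, suggest `### comparisons` here so the edit stays a pure spelling fix. If capitalized headings are intended, that is better done across the page in its own change.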
... | ... | |