... | ... | @@ -7,7 +7,41 @@ current code base. |
|
|
For a list of improvements and extensions to AppArmor see the [development roadmap](DevelopmentRoadmap)
|
|
|
# wi list
|
|
|
|
|
|
### full stack (kernel, compiler, testing, utils, library, documentation)
|
|
|
### kernel
|
|
|
- nnp restrictions via stacking
|
|
|
- fuzz interfaces
|
|
|
- permission remap work
|
|
|
- type cache (dependency: permission remapping work)
|
|
|
- support overlayfs
|
|
|
|
|
|
|
|
|
### library
|
|
|
|
|
|
### tooling
|
|
|
|
|
|
### init
|
|
|
- systemd link against libapparmor init, direct early load
|
|
|
|
|
|
### testing
|
|
|
- convert test generators away from perl (python)?
|
|
|
- convert regression tests to new infrastructure
|
|
|
-
|
|
|
|
|
|
### policy
|
|
|
- refactor apparmor profiles
|
|
|
- single tree
|
|
|
- distro dirs as branches
|
|
|
- move apparmor.d out of userspace release
|
|
|
|
|
|
### infrastructure
|
|
|
- top level build target to build whole project
|
|
|
- fix --strip not being passed through correctly in build
|
|
|
- remove deprecated perl from repo (not perl generated swig interface) (issue ??)
|
|
|
|
|
|
### misc
|
|
|
- update apparmor logo on cii best practices
|
|
|
|
|
|
### multiple elements of the stack (kernel, compiler, testing, utils, library, documentation, ...)
|
|
|
- text policy
|
|
|
- kernel: support loading text policy and compress it
|
|
|
- parser: keep or regen text policy, load into kernel
|
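Review bot: The testing list in this hunk contains an empty bullet ("-") after "convert regression tests to new infrastructure", and the infrastructure item "remove deprecated perl from repo ... (issue ??)" still carries a placeholder instead of an issue reference. Drop the empty bullet and either link the issue or remove the "(issue ??)" marker. The "### library" and "### tooling" headings have no items under them, so add the pending work or leave the headings out until there is something to list. The kernel items also name the same work two ways ("permission remap work" and "permission remapping work" in the type cache dependency); pick one so the dependency can be searched for. The "# wi list" heading would be clearer spelled out.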
... | ... | @@ -22,10 +56,20 @@ For a list of improvements and extensions to AppArmor see the [development roadm |
|
|
- audit caching dedup
|
|
|
- mem off stack, cleanup reduce entries
|
|
|
- share info/dedup
|
|
|
- prompt
|
|
|
- prompt (dendencies: extended permissions, profile flags, audit rework, object delegation, locking rework, buffer rework, type cache)
|
|
|
- kernel
|
|
|
- type cache
|
|
|
- extended permissions (dependency: permission remap work)
|
|
|
- profile flags
|
|
|
- prompt
|
|
|
- kill
|
|
|
- debug
|
|
|
- extended conditionals
|
|
|
- instruction stream for match
|
|
|
- nnp
|
|
|
- suid/guid
|
|
|
- fs subtype for mount
|
|
|
- uid
|
|
|
- fine grained network
|
|
|
- delegation
|
|
|
- object
|
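Review bot: In the prompt entry, "dendencies" is a misspelling of "dependencies", and the other entries on the page use the singular "dependency:" form, so the annotation should follow one convention. The same hunk shows a bare "prompt" bullet directly above the annotated one; make sure only one of them remains in the resulting page. "type cache" is listed here under prompt > kernel and also in the "### kernel" section with its own dependency note, so consider listing it once and referring to it from the other place. Please also confirm whether "suid/guid" under extended conditionals is meant to be "suid/sgid".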
... | ... | @@ -51,44 +95,10 @@ For a list of improvements and extensions to AppArmor see the [development roadm |
|
|
- secondary late phase that can recompile/reload policy
|
|
|
- criu for labeled and delegated objects
|
|
|
|
|
|
### kernel
|
|
|
- nnp restrictions via stacking
|
|
|
- fuzz interfaces
|
|
|
- permission remap work
|
|
|
- type cache (dependency: permission remapping work)
|
|
|
- support overlayfs
|
|
|
|
|
|
|
|
|
### library
|
|
|
|
|
|
### tooling
|
|
|
|
|
|
### init
|
|
|
- systemd link against libapparmor init, direct early load
|
|
|
|
|
|
### testing
|
|
|
- convert test generators away from perl (python)?
|
|
|
- convert regression tests to new infrastructure
|
|
|
-
|
|
|
|
|
|
### policy
|
|
|
- refactor apparmor profiles
|
|
|
- single tree
|
|
|
- distro dirs as branches
|
|
|
- move apparmor.d out of userspace release
|
|
|
|
|
|
### infrastructure
|
|
|
- top level build target to build whole project
|
|
|
- fix --strip not being passed through correctly in build
|
|
|
- remove deprecated perl from repo (not perl generated swig interface) (issue ??)
|
|
|
|
|
|
### misc
|
|
|
- update apparmor logo on cii best practices
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
- fs subtype for mount
|
|
|
|
|
|
|
|
|
|
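Review bot: The "### kernel" through "### misc" sections in this hunk are word for word the same as the block near the top of the page in the first hunk, and the header shrinks this region from 44 lines to 10, so this reads as a relocation. Keeping a pure move in its own commit, separate from the wording changes elsewhere in this diff, would make it easier to verify nothing was dropped. The move also carries the empty testing bullet and the "(issue ??)" placeholder along unchanged. "fs subtype for mount" at the end of this hunk also appears under extended conditionals in the previous hunk; check that the item ends up in exactly one place.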
... | ... | @@ -115,14 +125,8 @@ For a list of improvements and extensions to AppArmor see the [development roadm |
|
|
- abi
|
|
|
- fd interface
|
|
|
- multi-query
|
|
|
- query caching
|
|
|
- network
|
|
|
- nnp
|
|
|
- evm xattr match support
|
|
|
- profile flags
|
|
|
- prompt
|
|
|
- kill
|
|
|
- debug
|
|
|
|
|
|
|
|
|
- audit flags
|
|
|
- audit
|
|
|
- quite_allow
|
... | ... | |
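Review bot: Under audit flags, "quite_allow" looks like a misspelling of "quiet_allow"; please confirm the intended flag name and correct it while this region is being edited. The "profile flags" entry with its "prompt", "kill" and "debug" children repeats what the second hunk lists under prompt > kernel, and "nnp" likewise appears in several lists on the page; if this hunk is meant to remove the duplicates, check that the remaining copy is the one with the dependency annotations.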