mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2025-02-25 03:15:37 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
apparmor.d/docs/development/roadmap.md
Alexandre Pujol b10f2df5ec
doc: add roadmap and prebuilt pages.
2025-02-23 20:10:21 +01:00

2.4 KiB
Raw Blame History

title
Roadmap

Toward a stable release

This is the current list of features that must be implemented to get to a stable release

  • Play machine

  • Sub packages

    • Move most profiles into groups such that
    • New simplified build system to generate the packages with profile dependencies check

  • Tests

  • Documentation

    • Initial draft of the security model and goal
    • General documentation improvements

  • General improvements

    • Provide a proper fix for #74, #80 & #235
    • The apt/dpkg profiles needs to be reworked

Next features

  • Conditions

    • Integrate the new condition feature in the profiles and restrict them a lot according to the application actually in use. Eg: Gnome | KDE, X11 | Wayland, etc.
    • Create a new aa-config tool, similar to seboolean, to manage various settings, based on conditions.

  • User Data

    • Fully rewrite the way user data is allowed / denied. The current implementation requires too much configuration to be usable by everyone.
    • Add a prompt listener to handle the user data access.

  • Full System Policy

    • Debug tool to show the profiles transition tree, and ensure no profile is missing
    • Remove the default profile

Done

Abstractions

  • New audio-client and audio-server abstractions
  • New desktop agnostic desktop abstraction for all common access for any GUI app.
  • New graphics abstraction, hardware-agnostic. Fully replace and restrict the old opencl abstractions
  • All new abstractions are documented in the abstractions page

Dbus

  • New dbus-{system,session,accessibility} profiles. Works regardless of the dbus implementation in use.
  • New talk directive: Allow the application to talk to session services. (send to)
  • New own directive: Allow the application to own session services under the given name. (receive, send, bind)
  • New bus-{system,session,accessibility} abstraction to be used in the profiles

Directives