mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-04 08:24:42 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Update MeetingAgenda

John Johansen 2021-07-13 18:33:02 +00:00
parent c994426d71
commit b4e7e329d6
1 changed files with 0 additions and 100 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

100
MeetingAgenda.md

@ -31,106 +31,6 @@ Meeting Logs are linked off of the month agenda title.
[IRC Meeting, 20:00 UTC, Dec 04 2012](IRC_meeting_2012-12-04)
-------------------------------------------------------------------
- Release
- Alpha 1 status
- Alpha 2 target
- cboltz - openSUSE 12.3 feature freeze date?
- current plan is: 2013-01-17: Beta1, 2013-02-07: RC1, 2013-02-28: RC2
- Ubuntu 13.04 feature freeze date: 2013-03-07, Beta Freeze: 2013-03-21, Kernel Freeze: 2013-04-11, Freeze: 2013-04-18, Release: 2013-04-25
- More than a 1 month difference in dev time. Possibility release
- 2.9 subset release of 3.0, userspace + kernel with lock rework and new interface, other features that have stablized
- 3.0 full release with dbus (requires patched dbus), prototype display server, extended kernel features that didn't make it for 2.9 cut off
[IRC Meeting, 20:00 UTC, Nov 06 2012](IRC_meeting_2012-11-06)
-------------------------------------------------------------------
- Alpha 1: not ready yet. This can't be good we are slipping schedules already. When then?
- We could roll alpha 1 this week with 2.8 + a couple of patches + dbus prototype
- We could roll alpha 1 in a couple of weeks with, basic parser C++ conversion, kernel lock rework, aafs profile directories, implicit labeling and stacking
- Move Beta 1 (feature freeze) to February
- UDS recap - Lots discussed, basic recap
- Continue with core rework (stacking, labeling, extended permissions)
- Continue work on env var filtering
- Improve the userspace library and API to add the ability to do permission queries and cache them
- Work on extending apparmor to better support the desktop and sandboxed applications using trusted userspace apps
- DBus
- gsettings
- file picker
- Display server
Discussions to continue from previous meeting
- do we want a special location for auto-generated sniplets? (for example the samba on openSUSE, which currently lives in local/)
- what to call it
- policy-extensions.d
- snippets/autogenerated
- snippets/dhcpd.d
- snippets/foo.d
- snippets/autogenerated/smbd.d
- how magical should aa-enable be? (should it look into the extras/ dir?)
[IRC Meeting, 20:00 UTC, Sep 25, 2012](IRC_meeting_2012-09-25)
--------------------------------------------------------------------
Decisions
- next meeting Nov.6 (monthly basis)
- next version 3.0
- tentative release schedule for version 3.0
- Alpha 1: week of Oct 24.
- Alpha 2: late november
- Alpha 3/beta 1: late december
- beta1/beta2: in mid january
- beta2/3 start of Feb
- release: late Feb with possible slip to late march.
- jj: investigate cost of version tagging more. One potential solution require version tag on older policy.
- we will carry kernel compat patches for a few more releases
- some tools will be deprecated for 3.0 release, we will try to update enough that they don't break new policy (ie don't manipulate), but is not release critical. Will try to address in 3.1
- cboltz: Move /etc/apparmor/profiles/extras to /usr/share/apparmor/extra-profiles/
- distros can symlink there from docs dir if desired
- update logprof to look at new location
- update spec file to make a symlink from old /etc location to new location
Agenda
- Do we need a regular/semi-regular meeting and if so what schedule (weekly, bi-monthly, monthly)
- Is the meeting worth while over just using the ml
- None release features
- autotools rework
- testing infrastructure update
- documentation
- Next release planning
- release schedule (alpha, beta, final)
- expected feature set
- do we release features with out tool support? We are still missing tool support for several features. Worry about catching up in the next release (3.1)?
- Features: expected state, libraries, kernel, parser, utils? (preview vs. ready)
- profile templating
- sandbox
- dbus
- aafs interface?
- stacking/implicit labeling
- Namespace changes (disconnected paths)
- version tag (again). see policy matrix below (forcing policy upgrade, and new parser removes need)
- how long to carry compatibility patches once new interface is upstream
- where to package extra profiles? (/etc/apparmor/profiles/extras/ isn't the best place)
- do we want a special location for auto-generated sniplets? (for example the samba on openSUSE, which currently lives in local/)
- how magical should aa-enable be? (should it look into the extras/ dir?)
| | old kernel | new kernel |
|---------------------------------------------------------------------------------------------------------------------------------------------------|------------|------------------------------|
| | old policy | new policy without new rules |
| old parser | Unchanged | Fail(1) |
| new parser | Unchanged | Unchanged(4) |
| Notes |
| (1) Fails because intent of policy no rule applied is not kept but this is the backwards compatible behavior so could be considered to be correct |
| (2) Fails because parser fails to parse unix domain socket rule |
| (3) Fails because kernel applies rule of no unix domain socket when policy did not specify this |
| (4) new policy is applied like unix domain rules do not exist which is all the old kernel can enforce |
| (5) old policy is enforced as new policy without unix domain rule breaking backwards compat |
IRC Meeting, 1800 UTC, Mar 02, 2011
-----------------------------------