New attempt to integrate AppArmor into Linux
John Johansen, a developer with commercial Ubuntu sponsor Canonical, has submitted an updated version of the AppArmor security framework to the Linux kernel developers for inspection. Johansen writes that, like the SELinux and Tomoyo solutions already integrated into the kernel, this fourth general posting of AppArmor uses Linux Security Modules (LSM) to hook into the kernel. Some, but not all of the characteristics criticised by the kernel developers when AppArmor was posted last have reportedly been corrected in the new posting – known for his rather direct comments, however, the maintainer of the Virtual File System (VFS) of Linux soon also found various inconsistencies in the newly posted code.
Novell had bought the company that originally developed AppArmor and released the code under the GPL in 2006. Despite various attempts by Novell developers, however, the code was not integrated into the main development branch of Linux because the kernel developers didn't approve of some of the security framework's properties. With things having gone quiet around AppArmor and Novell also experimenting with SELinux, Canonical began to put more effort into preparing the technology for integration a few months ago. As reported by Johansen at the end of his email, the code is now hosted at kernel.org and launchpad.net rather than Novell Forge.