Novell sheds AppArmor development team
Novell released the AppArmor security solution as an open source project early last year, but the company is now shedding its five-man development team, centred around AppArmor developer Crispin Cowan. Cowan arrived at Novell in mid 2005 as a result of the acquisition of Immunix. To limit process access to system objects such as files and network ports, AppArmor adds an additional control layer to the Linux kernel. Novell has made repeated attempts to integrate AppArmor into the 'official' version of the Linux kernel maintained by Linus Torvald, but has come up against reservations from the development community. The concerns relate primarily to the method of identifying files using their names, rather than saving this information as extended attributes together with the file in the way that, for example, SELinux does.
Novell has chosen not to comment on the sacking of the development team in detail, presenting it as part of a company wide restructuring process, which is also intended to include steps to improve the product development process. Whilst Red Hat has placed its trust in SELinux, a competitor to AppArmor which has long been supported by the kernel, Canonical's Ubuntu 7.10 / Gutsy Gibbon, due for release in the next few days, and Mandriva's recently presented Mandriva Linux 2008 both support AppArmor.
Together with a number of colleagues - including Steve Beattie and Dominic Reynolds, who were also sacked by Novell - Crispin Cowan plans to continue working on AppArmor at newly formed consultancy Mercenary Linux. His plans include writing security profiles for AppArmor and promoting integration projects for the AppArmor solution. Cowan remains committed to the AppArmor concept and has not given up hope that it will prevail.