Monday, August 24, 2009

The Future of AppArmor

AppArmor has been adopted as the default Mandatory Access Control solution for both the Ubuntu and Mandriva distributions. I’ve sung its praises before, and as evidenced by writing my now third column about it, clearly I’m still a fan.

But, you should know that AppArmor’s future is uncertain. In late 2007, Novell laid off its full-time AppArmor developers, including project founder Crispin Cowan (who subsequently joined Microsoft).

Thus, Novell’s commitment to AppArmor is open to question. It doesn’t help that the AppArmor Development Roadmap on Novell’s Web site hasn’t been updated since 2006, or that Novell hasn’t released a new version of AppArmor since 2.3 Beta 1 in July 2008, nearly a year ago at the time of this writing.

But, AppArmor’s source code is GPL’d: with any luck, this apparent slack in AppArmor leadership soon will be taken up by some other concerned party—for example, Ubuntu and Mandriva developers. By incorporating AppArmor into their respective distributions, the Ubuntu and Mandriva teams have both committed to at least patching AppArmor against the inevitable bugs that come to light in any major software package.

Given this murky future, is it worth the trouble to use AppArmor? My answer is an emphatic yes, for a very simple reason: AppArmor is so easy to use—requiring no effort for packages already having distribution provided profiles and minimal effort to create new profiles—that there’s no reason not to take advantage of it for however long it remains an officially supported part of your SUSE, Ubuntu or Mandriva system.

Source of Information : Linux Journal 185 September 2009

No comments: