Novell Opens Its Armor
Armoring the Masses
SUSE Linux is sometimes remembered for having really excellent tools (such as YaST) that start closed and eventually became open. Today SUSE's parent company, Novell, is continuing that tradition with the open-source release of the its AppArmor security application.
A direct outcome of last year's acquisition of Immunix, Inc., AppArmor is a framework application that can apply security processes and policies to any application running in a given environment, in much the same way SELinux functions. Unlike SELinux, which is notoriously difficult to configure correctly, AppArmor features a more user-friendly configuration system.
That comparison comes from Charlie Ungashick, director of product marketing of Linux OS products at Novell, who spoke to LinuxPlanet about today's release of AppArmor. "AppArmor can be used to roll out applications and security concepts in the real world," he added.
With this release, Novell is donating all of the source code for AppArmor under the GPL licence to the openSUSE project. The code can be downloaded free of charge starting today. AppArmor binary code is already available in SUSE Linux 10 and SUSE Linux Enterprise Server 9 Service Pack 3 and, Ungashick indicated, the source code and binaries will be available within SUSE Linux 10.1 when that distribution is released next week.
An immediate advantage to making AppArmor open source will be the ability to incorporate AppArmor configurations directly within any third-party application, according to AppArmor architect Crispin Cowan. Cowan, the founder and former CTO of Immunix, explained that now that AppArmor was open source, any application developer that wisyhed to could create finely detailed security configurations for their application and embed those config files within their own code. If run in an AppArmor environment, AppArmor would see the configuration code and act on it accordingly for that application.
Cowan is excited about this next phase in the evolution of his Immunix product.
"This is something I always wanted to do," Cowan said, "but with a small company you are hesitant to give away a major part of your intellectual property."
Now that Novell is releasing the code and will continue to provide support for it, Cowan seems assured that AppArmor will thrive. In fact, both he and Ungashick agreed that it is likely that other distributions will want to take advantage of AppArmor.
"I fully expect Debian and Gentoo to look at it," Cowan stated. Those distros, which keep proprietary code out, will now be free to examine and incorporate AppArmor into their toolsets--something Cowan feels might happen since he believes those distros "are struggling with SELinux."
Now that the AppArmor code is out in the openSUSE project, Novell is hoping that developer access to AppArmor code and tools will facilitate the review, testing, and development of AppArmor for all of the community.