[pve-devel] Consideration of contributing Apparmor for KVM

[Sven Springer via pve-devel <pve-devel@lists.proxmox.com>]

[-- Attachment #1: Type: message/rfc822, Size: 9556 bytes --]

[-- Attachment #1.1.1.1: Type: text/plain, Size: 1351 bytes --]

Hello,

for a project we are working on a simple Apparmor profile for KVM-based 
VMs in Proxmox.
For now it's a POC with a static profile for the qemu-system-x86_64 
binary. The next step would be to patch the Proxmox Perl code to 
implement a basic version of dynamic profiles, similar to how it's done 
for LXC by Proxmox, or how it's done by libvirt for QEMU/KVM.

Now the thought of bringing this upstream was brought up, but I am a 
little concerned about the scope of this endeavor (in particular 
considering limited to no perl experience on our side).
I am also aware that there have been requests about this feature by 
other users in the forum and on the bug report board, but no specific 
promises have been made nor does it appear in the Roadmap 
(https://pve.proxmox.com/wiki/Roadmap).

Implementing it for a limited scope/usecase (e.g. only x86, only testing 
with some storage type, not testing for a plethora of pass-through 
possibilities) seems doable enough, but is this even something you would 
even consider accepting as a contribution, or is it more an 
all-or-nothing situation where most if not all edgecases need to be 
covered from the get-go?

Any feedback is much appreciated.


This is my first mail to this list, so please let me know if I missed 
some netiquette.

Best regards,
Sven.


[-- Attachment #1.1.2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 665 bytes --]

[-- Attachment #2: Type: text/plain, Size: 160 bytes --]

_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel