Language Selection

English French German Italian Portuguese Spanish

Ubuntu gets AppArmor support

Filed under
Ubuntu

This is bad news. AppArmor is a weak design. IMHO it gives the users a false impression of security, while leaving too much open to bypass security.

But the biggest problem IMHO is that noone at Ubuntu seems to be working on their SELinux support. All I've seen is Ubuntu users breaking their system to a point where they didn't know how to fix it in the attempt to install their SELinux packages. The packages are mostly a 1:1 copy of the Debian packages I guess, but for example their new 'upstart' init-replacement likely isn't capable of actually starting a SELinux enabled system. Oh, and Debian didn't include the relevant package in any 'stable' release, Ubuntu had it in 'universe' since 'warty'. Right now, feisty will include the package, though it reportedly can't be installed.

In the example used in the blog, evince is maybe protected from exploits by bad PDF files, but if you do a cp /usr/bin/evince /tmp and run that copy, all the protection is gone. A symlink might already be sufficient! So AppArmor is heavily relying on the user playing nicely.

More Here.

More in Tux Machines

SUSE Linux Enterprise 12 SP2 to Ship with GNOME 3.20, Public Beta Out Now

Today, June 30, 2016, SUSE has had the great pleasure of announcing the availabilty of a public beta release of its upcoming, commercial SUSE Linux Enterprise 12 Service Pack 2 operating system. Read more

Review: Linux Mint 18 (Sarah)

Portugal vs Poland Live Stream Poland vs Portugal Live Streaming

Review: Linux Mint 18 (Sarah)

If you were looking to jump the Ubuntu ship completely, then we recommend taking a look at our recent Review of Fedora 24. It’s equally as good as Mint 18 and equally worthy of your consideration. Between Linux Mint 18 and Fedora 24, we reckon it’s exciting times in the Linux world. With the exception and onset of the boring world of vanilla Ubuntu releases, Linux feels reinvigorated and fresh once again. Jump on board, because it can only get better from here. Read more

Security Leftovers