Language Selection

English French German Italian Portuguese Spanish

Ubuntu gets AppArmor support

Filed under
Ubuntu

This is bad news. AppArmor is a weak design. IMHO it gives the users a false impression of security, while leaving too much open to bypass security.

But the biggest problem IMHO is that noone at Ubuntu seems to be working on their SELinux support. All I've seen is Ubuntu users breaking their system to a point where they didn't know how to fix it in the attempt to install their SELinux packages. The packages are mostly a 1:1 copy of the Debian packages I guess, but for example their new 'upstart' init-replacement likely isn't capable of actually starting a SELinux enabled system. Oh, and Debian didn't include the relevant package in any 'stable' release, Ubuntu had it in 'universe' since 'warty'. Right now, feisty will include the package, though it reportedly can't be installed.

In the example used in the blog, evince is maybe protected from exploits by bad PDF files, but if you do a cp /usr/bin/evince /tmp and run that copy, all the protection is gone. A symlink might already be sufficient! So AppArmor is heavily relying on the user playing nicely.

More Here.

More in Tux Machines

Leftovers: Gaming

10 Great Plasma Widgets for KDE with Screenshots

Since the introduction of Plasma widgets in KDE4, the whole desktop took a new direction, starting to become a more interactive way to communicate with the user, to say nothing about the fact that a desktop with widgets will look more beautiful than a plain, icon-only desktop. Read more

OPNFV Adds Chinese Telecom to Open Source NFV/SDN Partnership

The Linux Foundation's OPNFV project won a significant endorsement this week from China-based ZTE Corporation, which stands to increase the global reach of the open source network functions virtualization (NFV) and software-defined networking (SDN) initiative. Based in Shenzen, China, ZTE is a major manufacturer of telecom... Read more

Elive 2.4.5 beta released

The Elive Team is proud to announce the release of the beta version 2.4.5 Read more