Language Selection

English French German Italian Portuguese Spanish

Ubuntu gets AppArmor support

Filed under
Ubuntu

This is bad news. AppArmor is a weak design. IMHO it gives the users a false impression of security, while leaving too much open to bypass security.

But the biggest problem IMHO is that noone at Ubuntu seems to be working on their SELinux support. All I've seen is Ubuntu users breaking their system to a point where they didn't know how to fix it in the attempt to install their SELinux packages. The packages are mostly a 1:1 copy of the Debian packages I guess, but for example their new 'upstart' init-replacement likely isn't capable of actually starting a SELinux enabled system. Oh, and Debian didn't include the relevant package in any 'stable' release, Ubuntu had it in 'universe' since 'warty'. Right now, feisty will include the package, though it reportedly can't be installed.

In the example used in the blog, evince is maybe protected from exploits by bad PDF files, but if you do a cp /usr/bin/evince /tmp and run that copy, all the protection is gone. A symlink might already be sufficient! So AppArmor is heavily relying on the user playing nicely.

More Here.

More in Tux Machines

Mycroft AI Intelligent Personal Assistant Now Available as a Raspberry Pi Image

It's been very quiet lately for the Mycroft project, an open-source initiative to bring a full-featured intelligent personal assistant to Linux desktops, but it looks like it's still alive and kicking, and it's now available as a Raspberry Pi image. Read more

You Can Now Have All the Essential Ubuntu 14.04.5 LTS Flavors on a Single ISO

After informing Softpedia about the release of the Linux AIO Ubuntu 16.10 Live DVDs, Željko Popivoda from the Linux AIO team is now announcing the availability of Linux AIO Ubuntu 14.04.5. Read more

Benchmarking Radeon Open Compute ROCm 1.4 OpenCL

Last month with AMD/GPUOpen's ROCm 1.4 release they delivered on OpenCL support, albeit for this initial release all of the code is not yet open-source. I tried out ROCm 1.4 with the currently supported GPUs to see how the OpenCL performance compares to just using the AMDGPU-PRO OpenCL implementation. Read more

Canonical to Remove Old Unity 7 Scopes from Ubuntu Because They're Not Secure

Canonical's Will Cooke has revealed recently the company's plans on removing some old, unmaintained Unity 7 Scopes from the Ubuntu Linux archives because they could threaten the security of the entire operating system. Read more