Language Selection

English French German Italian Portuguese Spanish

Ubuntu gets AppArmor support

Filed under
Ubuntu

This is bad news. AppArmor is a weak design. IMHO it gives the users a false impression of security, while leaving too much open to bypass security.

But the biggest problem IMHO is that noone at Ubuntu seems to be working on their SELinux support. All I've seen is Ubuntu users breaking their system to a point where they didn't know how to fix it in the attempt to install their SELinux packages. The packages are mostly a 1:1 copy of the Debian packages I guess, but for example their new 'upstart' init-replacement likely isn't capable of actually starting a SELinux enabled system. Oh, and Debian didn't include the relevant package in any 'stable' release, Ubuntu had it in 'universe' since 'warty'. Right now, feisty will include the package, though it reportedly can't be installed.

In the example used in the blog, evince is maybe protected from exploits by bad PDF files, but if you do a cp /usr/bin/evince /tmp and run that copy, all the protection is gone. A symlink might already be sufficient! So AppArmor is heavily relying on the user playing nicely.

More Here.

More in Tux Machines

10 Best Linux Desktop Environments And Their Comparison | 2017 Edition

The Linux world is full of open source software. You have the option of choosing from hundreds of distributions and customize them as per your will. No one slaps you with a copyright even if you change the source code of a distro to fork your Linux distro and release it with a new name. Only one thing the creators may ask you is to give them proper credits because they have also invested their efforts and time. Read more

Using Open Source to Empower Students in Tanzania

Powering Potential Inc. (PPI) aims to enhance education opportunities for students in Tanzania with the help of the Raspberry Pi and open source technology. “I believe technology is a vital part of the modern human experience. It enlightens. It ties us together. It broadens our horizons and teaches us what we can be. I believe everyone deserves access to these resources,” says Janice Lathen, Founding Director and President of PPI. Read more

IoT gateway runs mainline Linux on i.MX7

Compulab’s “IOT-GATE-iMX7” gateway runs mainline Linux on its CL-SOM-iMX7 COM, and offers optional GbE, 3G, WiFi, BT, and ZigBee. Compulab has launched a Linux-driven Internet of Things gateway built around its CL-SOM-iMX7 COM, featuring NXP’s power-sipping i.MX7 SoC. The embedded world is awash in i.MX6-based IoT gateways, but this is the first i.MX7 based model we’ve seen. Read more

IP camera design offers triple 4K encoding, runs Android on hexa-core SoC

Intrinsyc’s Android-ready Open-Q 650 IP Camera Reference Design is built on a Snapdragon 650, and supports up to three 4K H.264/H.265 30fps streams. Intrinsyc Technologies has followed up on last year’s Open-Q 410 Wearable Camera Reference Design with a more powerful Open-Q 650 IP Camera Reference Design. Like the 410 model, the 650 IP version runs Android on a Qualcomm Snapdragon SoC. However, it features a faster, hexa-core Snapdragon 650 SoC in place of the quad-core, Cortex-A53 Snapdragon 410. Read more