Language Selection

English French German Italian Portuguese Spanish

Ubuntu gets AppArmor support

Filed under

This is bad news. AppArmor is a weak design. IMHO it gives the users a false impression of security, while leaving too much open to bypass security.

But the biggest problem IMHO is that noone at Ubuntu seems to be working on their SELinux support. All I've seen is Ubuntu users breaking their system to a point where they didn't know how to fix it in the attempt to install their SELinux packages. The packages are mostly a 1:1 copy of the Debian packages I guess, but for example their new 'upstart' init-replacement likely isn't capable of actually starting a SELinux enabled system. Oh, and Debian didn't include the relevant package in any 'stable' release, Ubuntu had it in 'universe' since 'warty'. Right now, feisty will include the package, though it reportedly can't be installed.

In the example used in the blog, evince is maybe protected from exploits by bad PDF files, but if you do a cp /usr/bin/evince /tmp and run that copy, all the protection is gone. A symlink might already be sufficient! So AppArmor is heavily relying on the user playing nicely.

More Here.

More in Tux Machines

openSUSE Leap 42.1 + Cinnamon, XFCE, or Budgie = GeckoLinux

GeckoLinux is based on openSUSE Leap 42.1, and it exists to make the openSUSE distribution more refined and approachable. It has recently released live installable DVD editions featuring the Cinnamon, XFCE, and Budgie desktop environments. These include many refinements and features not available in the standard openSUSE Leap installation images.

Read more

GOL, Phoronix on Graphics

Supporting Software Freedom Conservancy

There are a number of important organizations in the Open Source and Free Software world that do tremendously valuable work. This includes groups such as the Linux Foundation, Free Software Foundation, Electronic Frontier Foundation, Apache Software Foundation, and others. Read more

Leftovers: OSS

  • Video: PBS Pro Workload Manager Goes Open Source
  • Turris Omnia: high-security, high-performance, open-source router
    An Indigogo campaign was recently launched for the Turis Omnia, promising backers a high-security, high-performance, open-source router. “With powerful hardware, Turris Omnia can handle gigabit traffic and still be able to do much more,” the company said. “You can use it as a home server, NAS, printserver, and it even has a virtual server built-in.”
  • IBM SystemML Machine Learning Technology Goes Open-Source
  • PuppetLabs Introduces Application Orchestration
    Everybody loves Puppet! Or at the very least, an awful lot of people USE Puppet and in the IT world, “love” is often best expressed by the opening of one’s wallet. I know, in the FOSS world wallets are unnecessary, and Puppet does indeed have an Open Source version. However, once one gets to enterprise-level computing, a tool designed for enterprise scale is preferable and usually there is a cost associated. Puppet was originally started as an open source project by Luke Kanies in 2005, essentially out of frustration with the other configuration management products available at the time. Their first commercial product was released in 2011, and today it is the most widely used configuration management tool in the world with about 30,000 companies running it. According to our own surveys, better than 60% of Linux Journal readers use some form of Puppet already and you must like it too as it regularly finishes at or near the top in Readers’ Choice awards.