[apparmor] openSUSE Summit
apparmor at cboltz.de
Mon Apr 2 23:09:33 UTC 2012
Am Montag, 2. April 2012 schrieb John Johansen:
> On 03/31/2012 02:00 AM, Christian Boltz wrote:
> > maybe you have already heard that the openSUSE Summit will take
> > place from September 21-23, 2012 in Orlando Florida.
> Christian out of curiousity what kind of workshop, would you have run?
> I am assuming a more hands on style tutorial right?
I didn't think about it too much yet, but I'd say a mix of a talk and a
hands-on would make sense.
First explain the most important permissions (r, w, ix, mr, Px, Ux, ...)
to give everybody a basic understanding. This (more or less
automatically) includes reading one of the profiles in /etc/apparmor.d/
(Doing a hands-on without explaining the basics first doesn't make sense
I gave a talk about AppArmor at LinuxTag 2009 - it took about 30 minutes
including two live demos:
a) create a profile for a very simple "hello world" script
echo "Hello World!" > /tmp/hello.txt
Then try to exploit the script (anyone knows how to do that? ;-) and
show how apparmor denies the exploit ;-)
b) profiling vsftpd
The usual thing: run genprof, start and stop vsftpd, update the profile.
Then upload a file and update the profile again.
For the openSUSE Summit, I'd replace part b) with the hands-on and let
everybody choose what he/she wants to profile.
I can provide my slides if you are interested - but I won't include them
in this mail to keep the question from a) interesting *eg*
The slides are in german, maybe I'll find some time to translate them.
I'm thinking about giving a similar workshop at the openSUSE conference
in Prague (in october), so I have to do it anyway.
The funny part is that I could just take the slides and give a talk
today - the only needed change is the removal of "set capabilities" ;-)
(and of course some of the newer features are not included, but maybe
that would be too much in a talk targeted at apparmor newbies.)
> It would be really
> good if we could have someone from the community be there
> representing the project, so we will be kicking around ways for this
> to happen and should work towards putting together a proposal that
> someone could present.
I'd say Frankie volunteered ;-) - but nobody will object if more people
visit the openSUSE summit.
And just as a reminder:
> > Feel free to forward the CfP to a more broader audience in the
> > Ubuntu world ;-)
[ls] Das ist ein kleiner Ludwig, gefolgt von einem kleinen Siegfried
(zwei muntere Recken, die auszogen, den Drachen zu schrecken).
Keine Ida, denn Burgfräulein haben in Heldenrunden nix verloren.
[Philipp Zacharias in suse-linux]
More information about the AppArmor