[apparmor] openSUSE Summit

Christian Boltz apparmor at cboltz.de
Mon Apr 2 23:09:33 UTC 2012


Hello,

On Monday, 2 April 2012, John Johansen wrote:
> On 03/31/2012 02:00 AM, Christian Boltz wrote:
> > maybe you have already heard that the openSUSE Summit will take
> > place from September 21-23, 2012 in Orlando, Florida.
> 
> Christian, out of curiosity, what kind of workshop would you have run?
> 
> I am assuming a more hands on style tutorial right? 

I didn't think about it too much yet, but I'd say a mix of a talk and a 
hands-on would make sense.

First explain the most important permissions (r, w, ix, mr, Px, Ux, ...) 
to give everybody a basic understanding. This (more or less 
automatically) includes reading one of the profiles in /etc/apparmor.d/.
(Doing a hands-on without explaining the basics first doesn't make sense 
IMHO.)

I gave a talk about AppArmor at LinuxTag 2009 - it took about 30 minutes 
including two live demos:

a) create a profile for a very simple "hello world" script

#!/bin/bash
echo "Hello World!" > /tmp/hello.txt
cat /tmp/hello.txt
rm /tmp/hello.txt

Then try to exploit the script (does anyone know how to do that? ;-) and 
show how AppArmor denies the exploit ;-)

b) profiling vsftpd

The usual thing: run genprof, start and stop vsftpd, update the profile. 
Then upload a file and update the profile again.


For the openSUSE Summit, I'd replace part b) with the hands-on and let 
everybody choose what he/she wants to profile.

I can provide my slides if you are interested - but I won't include them 
in this mail to keep the question from a) interesting *eg*
The slides are in German, maybe I'll find some time to translate them. 
I'm thinking about giving a similar workshop at the openSUSE conference 
in Prague (in October), so I have to do it anyway.

The funny part is that I could just take the slides and give a talk 
today - the only needed change is the removal of "set capabilities" ;-)  
(and of course some of the newer features are not included, but maybe 
that would be too much in a talk targeted at apparmor newbies.)

> It would be really
> good if we could have someone from the community be there
> representing the project, so we will be kicking around ways for this
> to happen and should work towards putting together a proposal that
> someone could present.

I'd say Frankie volunteered ;-) - but nobody will object if more people 
visit the openSUSE summit.


And just as a reminder:

> > Feel free to forward the CfP to a broader audience in the
> > Ubuntu world ;-)


Regards,

Christian Boltz
-- 
[ls] That is a little Ludwig, followed by a little Siegfried 
(two cheerful warriors who set out to frighten the dragon). 
No Ida, because castle maidens have no business in a round of heroes.
[Philipp Zacharias in suse-linux]
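
Editor's added example, not part of the original mail or of the slides it mentions: a profile of the kind demo a) would end up with for the "hello world" script, using the r, w, ix and mr permissions listed above. The install path /usr/local/bin/hello.sh is an assumption, and the `{usr/,}` alternation is only there to cover both /bin and /usr/bin layouts.

```apparmor
# Constructed example profile; /usr/local/bin/hello.sh is an assumed path.
#include <tunables/global>

/usr/local/bin/hello.sh {
  # Shared libraries, locale data, /dev/null etc.
  # (the library rules in here are "mr": read + mmap with PROT_EXEC)
  #include <abstractions/base>
  #include <abstractions/bash>
  # Terminal devices, so the inherited stdout/stderr keep working
  #include <abstractions/consoles>

  # r: the interpreter has to read the script itself
  /usr/local/bin/hello.sh r,

  # ix: execute and stay confined by this same profile (inherit).
  # Px would switch to the program's own profile, Ux would run it unconfined.
  /{usr/,}bin/bash ix,
  /{usr/,}bin/cat  mrix,
  /{usr/,}bin/rm   mrix,

  # rw on exactly one path: echo creates and writes it, cat reads it,
  # rm unlinks it (deleting a file is covered by w).
  /tmp/hello.txt rw,
}
```

Rules are matched against the path a file really has, so with this profile loaded the script can read, write and delete /tmp/hello.txt and nothing else outside the included abstractions.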
