[apparmor] UDS wrap-up

Christian Boltz apparmor at cboltz.de
Sat Nov 3 20:54:27 UTC 2012


Hello,

On Saturday, 3 November 2012, John Johansen wrote:
> So just a quick wrap-up of what happened at UDS-R.
> 
> First there are no audio recordings that I know of 

Can you open a bug report against UDS, please? That's something that 
needs to be fixed ;-)

That said:
It seems to become a tradition that I have to provide the recordings ;-) 
so I finally created a separate directory for them on my homepage.
You can download them at
    www.cboltz.de/uds/

I managed to capture most sessions related to AppArmor and confinement 
except the last session, which was rescheduled at the last minute.

I have the following recordings available:

2012-10-apparmor-lxc-development-1.ogg
2012-10-apparmor-lxc-development-2.ogg
2012-10-application-confinement--content-access-helper--cut.ogg
2012-10-application-confinement--gnome-keyring-1.ogg
2012-10-application-confinement--gnome-keyring-2.ogg
2012-10-application-confinement--online-accounts.ogg
(some recordings are split into two parts, see the -1 and -2)

This time all recordings are unedited and include all the noise - but 
there's less noise compared to the previous UDS, so you can actually 
understand what was said ;-)


Unfortunately someone broke the UDS schedule page
http://summit.ubuntu.com/uds-r/track/security/
which means I'm unable to access the pads. 

John, can you please paste all session notes into a mail and send them 
to the mailinglist to have them in the list archive?


BTW, when speaking about conferences: 

If you are interested in recordings from the openSUSE conference, 
http://blip.tv/openSUSEtv and http://www.youtube.com/opensusetv are the 
places to go. 

My AppArmor workshop was not recorded ("wrong" room, you probably 
wouldn't learn something new from it anyway ;-)  but at least I have a 
photo and the slides on blog.cboltz.de ;-)

> and I lost access
> to my home server while there so I didn't end up setting it to record
> the live stream either.

Maybe you are interested in my solution, which doesn't require 
manually restarting the recording after the automatic hourly icecast 
disconnect:

while true ; do
    wget http://icecast.ubuntu.com:8000/b3-m3.ogg
    sleep 1
done

You'll of course end up with some files you don't need, but it makes 
sure you have everything you want - even if a session lasts a bit longer 
than planned ;-)

(Disk space is not really an issue - with ~30 MB per hour, you won't 
fill up your hard disk even if you record several days without any 
break.)

> The general take away is that we will be continuing on the core
> improvements that we began back in UDS-Q (6 months ago), and we will
> begin the work towards sandboxing application on the desktop.
> 
> In particular, we have plans to continue the work on adding apparmor
> support to dbus, having a trusted file picker that can be run outside
> of a sandbox, and a gsettings backend that can be used to mediate
> access to desktop settings.

IMHO the filepicker is the most important thing - basically it's the 
only missing part needed to provide secure and non-annoying[1] profiles 
for web browsers - and also other desktop applications
(but maybe I underestimate in how many places dbus is used nowadays...)


Regards,

Christian Boltz

[1] like "you can store downloaded files only in ~/downloads"
-- 
> maybe just slap XP on it (it hurts, but it has to be done.. like a
> vaccination) and run an analysis tool like SiSandra on it.
But with a vaccination you kill the pathogens before administering them...
How do you do that with XP? 
[> Gunnar Salbeck and Manfred Tremmel in suse-linux]



