[apparmor] UDS wrap-up
Christian Boltz
apparmor at cboltz.de
Sat Nov 3 20:54:27 UTC 2012
Hello,
Am Samstag, 3. November 2012 schrieb John Johansen:
> So just a quick wrap-up of what happened at UDS-R.
>
> First there are no audio recordings that I know of
Can you open a bugreport against UDS, please? That's something that
needs to be fixed ;-)
That said:
It seems to become a tradition that I have to provide the recordings ;-)
so I finally created a separate directory for them on my homepage.
You can download them at
www.cboltz.de/uds/
I managed to capture most sessions related to AppArmor and confinement
except the last session which was rescheduled in the last minute.
I have the following recordings available:
2012-10-apparmor-lxc-development-1.ogg
2012-10-apparmor-lxc-development-2.ogg
2012-10-application-confinement--content-access-helper--cut.ogg
2012-10-application-confinement--gnome-keyring-1.ogg
2012-10-application-confinement--gnome-keyring-2.ogg
2012-10-application-confinement--online-accounts.ogg
(some recordings are split into two parts, see the -1 and -2)
This time all recordigns are unedited and include all the noise - but
there's less noice compared to the previous UDS, so you can actually
understand what was said ;-)
Unfortunately someone broke the UDS schedule page
http://summit.ubuntu.com/uds-r/track/security/
which means I'm unable to access the pads.
John, can you please paste all session notes into a mail and send them
to the mailinglist to have them in the list archive?
BTW, when speaking about conferences:
If you are interested in recordings from the openSUSE conference,
http://blip.tv/openSUSEtv and http://www.youtube.com/opensusetv are the
places to go.
My AppArmor workshop was not recorded ("wrong" room, you probably
wouldn't learn something new from it anyway ;-) but at least I have a
photo and the slides on blog.cboltz.de ;-)
> and I lost access
> to my home server while there so I didn't end up setting it to record
> the live stream either.
Maybe you are interested in my solution which doesn't require to
manually restart the recording after the automatic hourly icecast
disconnect:
while true ; do
wget http://icecast.ubuntu.com:8000/b3-m3.ogg
sleep 1
done
You'll of course end up with some files you don't need, but it makes
sure you have everything you want - even if a session lasts a bit longer
than planned ;-)
(Disk space is not really an issue - with ~30 MB per hour, you won't
fill up your harddisk even if you recode several days without any
break.)
> The general take away is that we will be continuing on the core
> improvements that we began back in UDS-Q (6 months ago), and we will
> begin the work towards sandboxing application on the desktop.
>
> In particular, we have plans to continue the work on adding apparmor
> support to dbus, having a trusted file picker that can be run outside
> of a sandbox, and a gsettings backend that can be used to mediate
> access to desktop settings.
IMHO the filepicker is the most important thing - basically it's the
only missing part needed to provide secure and non-annoying[1] profiles
for web browsers - and also other desktop applications
(but maybe I underestimate on how many places dbus is used nowadays...)
Regards,
Christian Boltz
[1] like "you can store downloaded files only in ~/downloads"
--
> vielleicht mal xp draufklatschen (tut weh, muß aber sein..wie bei
> einer Impfung) und da so ein Analyse Tool wie SiSandra laufen lassen.
Beim impfen tötet man die Erreger aber ab, bevor man sie verabreicht...
Wie macht man das mit XP?
[> Gunnar Salbeck und Manfred Tremmel in suse-linux]
More information about the AppArmor
mailing list