[apparmor] UDS
Christian Boltz
apparmor at cboltz.de
Sat Oct 27 11:26:56 UTC 2012
Hello,
I just had a short look at the UDS schedule - and basically it looks
like the whole security track is about AppArmor ;-)
I'm not sure if I have time to listen to the livestreams, therefore let
me send some questions and notes in advance:
Most important question: will there be audio recordings available for
later download? (IIRC this didn't happen in the last years.)
Technical: please hand around the microphone (instead of just sitting
around it) - otherwise the livestream is not loud enough and, when made
louder, comes with lots of background noise.
About the "Application Confinement (Content Access Helper)" session:
At the risk of proposing something that you already came up with: ;-)
I'd propose to use a standalone binary that can be used by any
application (Px'ed or Ux'ed) for file - open and file - save as.
This binary should then copy the file to a temporary location (or use a
socket?) and hand it over to the calling application. This solution
would cover the most interesting[tm] use cases like confining web
browsers or acroread.
Applications offering file - save (as in: save again, with the same
name) might be a bit trickier, and applications allowing to specify a
file to open at the commandline ("gimp foo.xcf") as well.
The problem is to make sure the user is aware that those files will be
opened/written - OTOH displaying a confirmation dialog each time would
work, but it would also be annoying.
There seems to be a xdg-file-dialog according to google, but I can't
find it in the openSUSE repos. Nevertheless, it might be a good place
where this feature could be implemented.
Oh, and if you implement this, please push it upstream for all
applications - I'd love to have this feature in openSUSE too ;-)
And a final question that is somewhat unrelated: I remember that using
etckeeper was discussed at the last(?) UDS. Did this happen in the
meantime? If yes, how well does it work?
Regards,
Christian Boltz
--
Linux just isn't user-friendly when it comes to viruses. You have to
work to find and run them. It doesn't happen automatically as it does
with Windows. The GNU/Linux folks really should improve this glaring
discrepancy.
[http://os.newsforge.com/article.pl?sid=05/01/25/1430222&from=rss]
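
An added illustration of the "or use a socket?" variant of the helper proposal above, not code from the post or from AppArmor. It assumes the helper hands over an already-open, read-only file descriptor via SCM_RIGHTS on a Unix socket, so the confined application's profile needs no rule for the path itself; the function names and the sample file are constructed for the example.

```python
import os
import socket
import tempfile


def helper_hand_over(sock, chosen_path):
    """Helper side (runs outside the application's profile): open the file
    the user picked and send only the descriptor plus its basename."""
    fd = os.open(chosen_path, os.O_RDONLY | os.O_NOFOLLOW | os.O_CLOEXEC)
    try:
        # The basename is ordinary payload; the fd travels as SCM_RIGHTS.
        socket.send_fds(sock, [os.path.basename(chosen_path).encode()], [fd])
    finally:
        os.close(fd)  # the receiver now holds its own duplicate


def app_receive(sock):
    """Confined application side: accept exactly one descriptor, no path."""
    msg, fds, _flags, _addr = socket.recv_fds(sock, 1024, 1)
    if len(fds) != 1:
        for fd in fds:
            os.close(fd)
        raise RuntimeError("expected exactly one descriptor")
    return msg.decode(), fds[0]


def demo():
    """Run both sides over a socketpair with a constructed sample file."""
    helper_end, app_end = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    with tempfile.TemporaryDirectory() as d, helper_end, app_end:
        path = os.path.join(d, "report.pdf")  # constructed sample input
        with open(path, "wb") as f:
            f.write(b"constructed sample content")
        helper_hand_over(helper_end, path)
        name, fd = app_receive(app_end)
        try:
            data = os.read(fd, 4096)
            try:
                os.write(fd, b"x")  # must fail: fd was opened O_RDONLY
                writable = True
            except OSError:
                writable = False
        finally:
            os.close(fd)
    return name, data, writable


if __name__ == "__main__":
    print(demo())
```

The access mode is fixed by the helper when it opens the file, which is why the "save again" case mentioned in the post would need a separate, explicitly writable hand-over.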