Ubuntu Desktop Security Defaults

Null Ack nullack at gmail.com
Wed Apr 15 02:24:27 UTC 2009


> I guess I was hallucinating working on the apparmor profile for
> clamav-daemon and freshclam (also run as a daemon) today.
>

That's great, though Scott, please don't make the mistake of taking a
strawman approach. What I said was about AppArmor defaults. I don't see
my current dev build of the desktop having any profiles loaded by
default other than CUPS.

If the considered opinion is to continue with AppArmor then clearly
getting more profiles into it is the way to go.

However, if you look back into this discussion thread I think John
made a very sound set of points about the limitations of AppArmor /
SELinux etc. type approaches for a desktop system and weaknesses of
X security. He makes what seems to be a very sound suggestion about
Plash and hooking into GTK, thus overcoming the problem of needing to
in advance make determinations about what a desktop user might do and
the X security problems.

Regards
Nullack




More information about the Ubuntu-devel-discuss mailing list