could you add this feature or discuss it at 13.04 Developer Summit?

Nicolas Michel be.nicolas.michel at
Thu Oct 18 08:33:49 UTC 2012

2012/10/18 Matthew Paul Thomas <mpt at>

> Hash: SHA1
> Nicolas Michel wrote on 17/10/12 07:23:
> >
> > I think what Brian wants (correct me if not) is an application
> > level firewall. On Windows most antivirus do it : you get a popup
> > when an application try to access something you didn't already
> > allowed to. I think what should be done is an AppArmor graphical
> > frontend (with notifications).
> If anyone would like to implement that, here's a design I prepared
> earlier. <>
> However, Brian specifically mentioned "the logging features of the
> application-firewall", not just the firewall itself.
> > ...
> >
> > But honestly, Linux is not Windows Brian. Every application is
> > open-source (except if you installed a propriatary app from the
> > net). It means from a security point of view that everyone can
> > read the source code (it he has the skill)  and see what the
> > application do exactly.
> As Ma pointed out, this is less true as USC sells more proprietary
> applications.

Maybe it should be the Canonical/Ubuntu responsibility to provide an
AppArmor profile for each proprietary app which is proposed. That profile
should be asked by the propriatary dev (saying what they need to access
to), validated and created by the ubuntu maintainer of that app. So even if
the devs of the propriatary app change the behavior of the app, it won't be
allowed without changing the AppArmor profile and so, everyone will know it.

Even if it was true, though, I expect it would be much
> easier to figure out what a program is doing network-wise by running
> something like wireshark, than by reading the source code for the
> application and all its dependencies.

> - --
> mpt
> Version: GnuPG v1.4.11 (GNU/Linux)
> Comment: Using GnuPG with Mozilla -
> iEYEARECAAYFAlB/uXIACgkQ6PUxNfU6ecqjuQCgpKCoOsdzbFvotkeXoysLAFA7
> VAIAnRxRkP9zFdCKsjBmeCKmFVaAW518
> =HcXw
> --
> Ubuntu-devel-discuss mailing list
> Ubuntu-devel-discuss at
> Modify settings or unsubscribe at:

Nicolas MICHEL
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Ubuntu-devel-discuss mailing list