partial solution: error: system does not fully support snap
Oliver Grawert
ogra at ubuntu.com
Wed May 4 09:06:48 UTC 2022
hi,
Am Mittwoch, dem 04.05.2022 um 09:37 +0200 schrieb robert rottermann:
> My question now is:
>
> can we use selinux on ubuntu 20.04 at all?
>
the kernel allows only one LSM [1]. selinux and Apparmor are thus
mutually exclusive. the Ubuntu (like OpenSuSE/SLES) security features
are crafted around apparmor instead of selinux.
while you can indeed always enable selinux on an Ubuntu system, you
will have to do all userspace integration work yourself to make any use
of it ... i.e. you lose all exsiting userspace integration the distro
developers created ...
while snaps expose this the most, since they are heavily depending on
apparmor features for their application confinement, there are also
plenty of debian packages that will operate with degraded security in
such a case and you would have to create selinux profiles for all of
them ...
ciao
oli
[1] https://en.wikipedia.org/wiki/Linux_Security_Modules
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: This is a digitally signed message part
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20220504/16137b40/attachment.sig>
More information about the ubuntu-users
mailing list