Linux Magazine<p><span class="h-card" translate="no"><a href="https://fosstodon.org/@opensuse" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>opensuse</span></a></span> Tumbleweed rolling release moves from AppArmor to SELinux for its underlying security layer<br><a href="https://www.linux-magazine.com/Online/News/openSUSE-Tumbleweed-Ditches-AppArmor-for-SELinux" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">linux-magazine.com/Online/News</span><span class="invisible">/openSUSE-Tumbleweed-Ditches-AppArmor-for-SELinux</span></a><br><a href="https://fosstodon.org/tags/openSUSE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>openSUSE</span></a> <a href="https://fosstodon.org/tags/Tumbleweed" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Tumbleweed</span></a> <a href="https://fosstodon.org/tags/AppArmor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AppArmor</span></a> <a href="https://fosstodon.org/tags/SELinux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SELinux</span></a> <a href="https://fosstodon.org/tags/Linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Linux</span></a> <a href="https://fosstodon.org/tags/OpenSource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenSource</span></a> <a href="https://fosstodon.org/tags/distro" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>distro</span></a> <a href="https://fosstodon.org/tags/FOSS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FOSS</span></a> <a href="https://fosstodon.org/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a></p>
Recent searches
No recent searches
Search options
Only available when logged in.
shakedown.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
A community for live music fans with roots in the jam scene. Shakedown Social is run by a team of volunteers (led by @clifff and @sethadam1) and funded by donations.
Administered by:
Server stats:
278active users
shakedown.social: About · Status · Profiles directory · Privacy policy
Mastodon: About · Get the app · Keyboard shortcuts · View source code · v4.3.7
#apparmor
0 posts · 0 participants · 0 posts today
openSUSE Linux<p>Starting with snapshot 20250211, <a href="https://fosstodon.org/tags/SELinux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SELinux</span></a> becomes the default <a href="https://fosstodon.org/tags/MAC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MAC</span></a> system for new installs, boosting security! 🔒 <a href="https://fosstodon.org/tags/AppArmor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AppArmor</span></a> is still optional. The first <a href="https://fosstodon.org/tags/boot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>boot</span></a> might take a little time. <a href="https://fosstodon.org/tags/openSUSE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>openSUSE</span></a> <a href="https://fosstodon.org/tags/Tumbleweed" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Tumbleweed</span></a> <a href="https://news.opensuse.org/2025/02/13/tw-plans-to-adopt-selinux-as-default/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">news.opensuse.org/2025/02/13/t</span><span class="invisible">w-plans-to-adopt-selinux-as-default/</span></a></p>
boredsquirrel<p><span class="h-card" translate="no"><a href="https://floss.social/@kde" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>kde@floss.social</span></a></span> <span class="h-card" translate="no"><a href="https://lemmy.kde.social/c/kde" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>kde@lemmy.kde.social</span></a></span> </p><p>Thx for the info, then it is like that.</p><p>Here is the goal proposal</p><p><a href="https://phabricator.kde.org/T17370" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">phabricator.kde.org/T17370</span><span class="invisible"></span></a></p><p>Tbh, <a href="https://tux.social/tags/bubblewrap" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bubblewrap</span></a> would need to be fixed drastically to be as secure as the <a href="https://tux.social/tags/Android" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Android</span></a> <a href="https://tux.social/tags/sandbox" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>sandbox</span></a>. And (I am not sure yet) I think even <a href="https://tux.social/tags/Snaps" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Snaps</span></a> are more secure (on <a href="https://tux.social/tags/Ubuntu" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Ubuntu</span></a> with <a href="https://tux.social/tags/Apparmor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Apparmor</span></a> patches) than <a href="https://tux.social/tags/Flatpak" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Flatpak</span></a> with the current system.</p><p>As far as I understood, sandboxing needs to happen in <a href="https://tux.social/tags/userspace" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>userspace</span></a>, with tools like <a href="https://tux.social/tags/fuse" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>fuse</span></a> doing the work while being restricted by <a href="https://tux.social/tags/MAC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MAC</span></a> like <a href="https://tux.social/tags/SELinux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SELinux</span></a> or Apparmor.</p>
Zygmunt Krynicki<p>I'm working on running <a href="https://fosstodon.org/tags/apparmor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>apparmor</span></a> end-to-end tests upstream, so that there are fewer regressions and better compatibility across different distributions and kernels.</p><p>I've been posting about it at <a href="https://lists.ubuntu.com/archives/apparmor/2024-November/013407.html" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">lists.ubuntu.com/archives/appa</span><span class="invisible">rmor/2024-November/013407.html</span></a> and I've also opened an initial pull request at <a href="https://gitlab.com/apparmor/apparmor/-/merge_requests/1432" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">gitlab.com/apparmor/apparmor/-</span><span class="invisible">/merge_requests/1432</span></a></p><p>I am very happy to have time to work on improving upstream state of the art for everyone using apparmor :-)</p>
Grimmauld<p>I am currently working on <a href="https://mastodon.grimmauld.de/tags/apparmor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>apparmor</span></a> support for <a href="https://mastodon.grimmauld.de/tags/nixos" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>nixos</span></a> making profile definitions declared in the apparmor.d project available and functional.</p><p>You can read up on my initial approach at <a href="https://hedgedoc.grimmauld.de/s/hWcvJEniW#" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">hedgedoc.grimmauld.de/s/hWcvJE</span><span class="invisible">niW#</span></a>. I am not done yet! Pull Requests into nixpkgs will come after 24.11 branch-of. In the meantime, progress will be shared here on mastodon.</p>
openSUSE Linux<p>In less than 30 minutes, you can watch a <a href="https://fosstodon.org/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a> <a href="https://fosstodon.org/tags/techtalk" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>techtalk</span></a> about switching from <a href="https://fosstodon.org/tags/AppArmor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AppArmor</span></a> to <a href="https://fosstodon.org/tags/SELinux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SELinux</span></a>. What are some successes, challenges & future expectations? Find out by watching. <a href="https://www.youtube.com/live/4uHmAiluDFo?si=-x0W2GPH71b-CI-C" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">youtube.com/live/4uHmAiluDFo?s</span><span class="invisible">i=-x0W2GPH71b-CI-C</span></a></p>
Peter Krefting<p>I don't seem to have enough google-fu to solve this myself: On my <a href="https://social.vivaldi.net/tags/Debian" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Debian</span></a> installations, <a href="https://social.vivaldi.net/tags/dmesg" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dmesg</span></a> is full of <a href="https://social.vivaldi.net/tags/AppArmor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AppArmor</span></a> logs for <a href="https://social.vivaldi.net/tags/Vivaldi" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Vivaldi</span></a>. Almost all of them are "ALLOW" entries, which seems completely irrelevant.</p><p>Is there a way to get AppArmor not to spam dmesg with messages? I can't find any settings about the amount of log messages in the AppArmor manual page or documentation.</p>
ExploreLive feeds
Mastodon is the best way to keep up with what's happening.
Follow anyone across the fediverse and see it all in chronological order. No algorithms, ads, or clickbait in sight.
Create accountLoginDrag & drop to upload