@opensuse Tumbleweed rolling release moves from AppArmor to SELinux for its underlying security layer
https://www.linux-magazine.com/Online/News/openSUSE-Tumbleweed-Ditches-AppArmor-for-SELinux
#openSUSE #Tumbleweed #AppArmor #SELinux #Linux #OpenSource #distro #FOSS #security
Starting with snapshot 20250211, #SELinux becomes the default #MAC system for new installs, boosting security! #AppArmor is still optional. The first #boot might take a little time. #openSUSE #Tumbleweed https://news.opensuse.org/2025/02/13/tw-plans-to-adopt-selinux-as-default/
@kde@floss.social @kde@lemmy.kde.social
Thx for the info, then it is like that.
Here is the goal proposal
https://phabricator.kde.org/T17370
Tbh, #bubblewrap would need to be fixed drastically to be as secure as the #Android #sandbox. And (I am not sure yet) I think even #Snaps are more secure (on #Ubuntu with #Apparmor patches) than #Flatpak with the current system.
As far as I understood, sandboxing needs to happen in #userspace, with tools like #fuse doing the work while being restricted by #MAC like #SELinux or AppArmor.
I'm working on running #apparmor end-to-end tests upstream, so that there are fewer regressions and better compatibility across different distributions and kernels.
I've been posting about it at https://lists.ubuntu.com/archives/apparmor/2024-November/013407.html and I've also opened an initial pull request at https://gitlab.com/apparmor/apparmor/-/merge_requests/1432
I am very happy to have time to work on improving the upstream state of the art for everyone using AppArmor :-)
I am currently working on #apparmor support for #nixos, making profile definitions declared in the apparmor.d project available and functional.
You can read up on my initial approach at https://hedgedoc.grimmauld.de/s/hWcvJEniW#. I am not done yet! Pull Requests into nixpkgs will come after 24.11 branch-off. In the meantime, progress will be shared here on Mastodon.
In less than 30 minutes, you can watch a #security #techtalk about switching from #AppArmor to #SELinux. What are some successes, challenges & future expectations? Find out by watching. https://www.youtube.com/live/4uHmAiluDFo?si=-x0W2GPH71b-CI-C
I don't seem to have enough google-fu to solve this myself: On my #Debian installations, #dmesg is full of #AppArmor logs for #Vivaldi. Almost all of them are "ALLOW" entries, which seems completely irrelevant.
Is there a way to get AppArmor not to spam dmesg with messages? I can't find any settings about the amount of log messages in the AppArmor manual page or documentation.