On Sun, 17 Jun 2012 13:14:03 +0200, Claudius Hubig wrote:

> I am running Testing/Sid amd64 with Multi-Arch enabled (i.e. Acrobat
> Reader and Skype from i386) on a single-user machine and here’s what I
> want to achieve:
>
> - Programs that process data ‘from the internet’ are only allowed to
>   access the files they strictly need to access, plus a $HOME/Desktop
>   (to share files with other such processes etc.)
> - The same restrictions apply to children of these processes
> - All other processes are allowed to do whatever their standard Unix
>   permissions allow them to do.
>
> In the past, I achieved this via AppArmor and custom profiles for
> Pidgin, Opera, Iceweasel and Skype[1,2].

I remember AppArmor was installed and ready-to-use in openSUSE, but to be sincere, I never bothered enabling the profiles nor using them: too much hassle for a little gain. And I share the same feeling for SELinux, I mean, a tool that can be very helpful when it is properly configured and you know well about its possibilities, but setting it up is not what we would consider a child's game.

> However, I just noticed that there don’t appear to be AppArmor profiles
> around for Kernel 3.3 or 3.4, and, aside from that, only Ubuntu appears
> to use it, while SELinux is much more common. A bit more reading in the
> Debian Handbook then illustrated that SELinux is apparently more
> powerful but also more complex than AppArmor.

Debian used to include some support for SELinux but I dunno about the status for AppArmor. There's more information here:

http://wiki.apparmor.net/index.php/Distro_debian

AppArmor was first developed and maintained by Novell but IIRC it was Ubuntu who finally "took the control" (read it as "lead its development") over the project.

> My question is: Would it make sense to deploy SELinux on my system to
> achieve the tasks mentioned above?

Mmm... I'd say no.

> I know that security cannot be absolute, but I would feel much more
> comfortable if an exploit in the MSN handler of Pidgin or a plugin gone
> wild in Opera wouldn’t make my private SSH keys accessible to the world
> :-)

I find it a valid concern but from a mere user's point of view, I would prefer having to deal with not-that-complex utilities to harden the system applications, for example, something like the sandbox or virtual machine concept, i.e., easy to deploy (some browsers already include a sandbox from where they run the dangerous plugins), easy to understand (a separate zone that cannot interfere with the host system) and easy to use ("run & go", or "install, run & go") :-)

Greetings,

--
Camaleón