Site Map - skip to main content

Hacker Public Radio

Your ideas, projects, opinions - podcasted.

New episodes every weekday Monday through Friday.
This page was generated by The HPR Robot at


hpr3299 :: Linux Inlaws S01E26: Make your Linux harder

Ever wanted to know about AppArmor and SELinux? Then this is your show!

<< First, < Previous, , Latest >>

Hosted by monochromec on 2021-03-25 is flagged as Explicit and is released under a CC-BY-SA license.
Linux Security Modules, DAC, MAC, AppArmor, SELinux, Plan 9. 1.
The show is available on the Internet Archive at: https://archive.org/details/hpr3299

Listen in ogg, spx, or mp3 format. Play now:

Duration: 00:49:45

Linux Inlaws.

This is Linux Inlaws, a series on free and open source software, black humour, the revolution and freedom in general (this includes ideas and software) and generally having fun.

In this episode our two aging heroes discuss the proper temperature to drink beer at (spoiler: it's not 20 degrees as CAMRA would make you believe) and the ins and outs of basic and enhanced security on our beloved operating system. If you ever wanted to know more about Linux Security Modules, AppArmor and SELinux and how dames of negotiable affections relate to these concepts, this show is for you.

Shownotes:


Comments

Subscribe to the comments RSS feed.

Comment #1 posted on 2021-03-25 16:06:25 by nobody

Other MAC implementations

In the episode you weren't quite sure if there are other MACs for Linux beside SELinux and AppArmor and indeed, there are!

There is Smack which is quite uninteresting as it's just an another label based MAC, similar to SELinux.

To me the interesting one is TOMOYO which started as a pathname based filesystem similar to AppArmor but later started differentiating between applications based on their process invocation history. This means you can apply different policies on say /bin/sh depending on the chain of execution leading to it (kernel -> init -> getty -> login -> sh VS kernel -> init -> sshd -> sh). While this is also possible in AppArmor it is quite a lot more manual work and more difficult to reason about.

TOMOYO also has much nicer tools than either of the more well known MACs. SELinux has given MAC a bad name as being hard and laborious to manage. If instead of SELinux people would be first introduced to TOMOYO they would probably be much more inclined to implement a MAC.

Leave Comment

Note to Verbose Commenters
If you can't fit everything you want to say in the comment below then you really should record a response show instead.

Note to Spammers
All comments are moderated. All links are checked by humans. We strip out all html. Feel free to record a show about yourself, or your industry, or any other topic we may find interesting. We also check shows for spam :).

Provide feedback
Your Name/Handle:
Title:
Comment:
Anti Spam Question: What does the letter P in HPR stand for?
Are you a spammer?
What is the HOST_ID for the host of this show?
What does HPR mean to you?