this post was submitted on 11 Sep 2024
64 points (98.5% liked)

Linux

48632 readers
1199 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS
 

cross-posted from: https://lemmy.ndlug.org/post/1104312

The upcoming Ubuntu 24.10 operating system promises a new feature called “permissions prompting” for an extra layer of privacy and security.

The new permissions prompting feature in Ubuntu will let users control, manage, and understand the behavior of apps running on their machines. It leverages Ubuntu’s AppArmor implementation and enables fine-grained access control over unmodified binaries without having to change the app’s source code.

From Ubuntu Discourse: Ubuntu Desktop’s 24.10 Dev Cycle - Part 5: Introducing Permissions Prompting

This solution consists of two new seeded components in Ubuntu 24.10, prompting-client and desktop-security-center alongside deeper changes to snapd and AppArmor available in the upcoming snapd 2.65. The first is a new prompting client (built in Flutter) that surfaces the prompt requests from the application via snapd. The second is our new Security Center:

In this release the Security Center is the home for managing your prompt rules, over time we will expand its functionality to cover additional security-related settings for your desktop such as encryption management and firewall control.

...

With prompting enabled, an application that has access to the home interface in its AppArmor profile will trigger a request to snapd to ask the user for more granular permissions at the moment of access:

As a result, users now have direct control over the specific directories and file paths an application has access to, as well its duration. The results of prompts are then stored in snapd so they can be queried and managed by the user via the Security Center.

you are viewing a single comment's thread
view the rest of the comments
[–] Bitrot@lemmy.sdf.org 11 points 3 months ago* (last edited 3 months ago) (1 children)

Thats why they said “Ubuntu’s AppArmor implementation”, as in how they configure and integrate it.

[–] melroy@kbin.melroy.org 1 points 3 months ago (1 children)

is that what they mean by that? I also know it reads: “Ubuntu’s AppArmor implementation". But I didn't knew it need additional "implementation". I can just run: sudo aa-status. I still think it's just a standalone module, and Ubuntu or Debian literately doesn't need to implement anything extra afaik. Maybe only some configuration files at: /etc/apparmor.d (and most of these files are most likely also not coming from Ubuntu xD)

[–] Bitrot@lemmy.sdf.org 5 points 3 months ago (1 children)

Specific configuration is an implementation, as are hooks they may add to their own software to leverage features. Both Debian and Ubuntu also build their own profiles.

[–] melroy@kbin.melroy.org 1 points 3 months ago (1 children)

I see. Interesting. In my case AppArmor seems to be enabled by default under Linux Mint. As well as under my Ubuntu Server. I might need to look into this better, it looks like an important topic that many people overlooked.

It says for example "107 processes are in enforce mode". But also.. 4 profiles are in complain mode..

[–] Bitrot@lemmy.sdf.org 5 points 3 months ago (1 children)

It’s probably something most people could learn a bit more about. On Red Hat or Fedora you don’t have to get too far out of vanilla before SELinux starts breaking things (oh, you wanted your custom systemd service to run that binary from that directory? Tough! Figure it out!), in comparison AppArmor on Ubuntu and Debian seems to get in the way a lot less. I’m not sure if that’s due to how it functions as a product or upfront work to configure it to be less intrusive.

[–] melroy@kbin.melroy.org 3 points 3 months ago

That is very correct. SELinux is an alternative to AppArmor. But SELinux is much more secure but that comes with a cost. And that is the cost you just described. SELinux is much more advanced and gives you much more control.