
Hacker Public Radio

Your ideas, projects, opinions - podcasted.

New episodes every weekday Monday through Friday.


hpr3299 :: Linux Inlaws S01E26: Make your Linux harder

Ever wanted to know about AppArmor and SELinux? Then this is your show!


Hosted by monochromec on Thursday, 2021-03-25 is flagged as Explicit and is released under a CC-BY-SA license.
Linux Security Modules, DAC, MAC, AppArmor, SELinux, Plan 9.
The show is available on the Internet Archive at: https://archive.org/details/hpr3299


Duration: 00:49:45

Linux Inlaws.

This is Linux Inlaws, a series on free and open source software, black humour, the revolution and freedom in general (this includes ideas and software) and generally having fun.

In this episode our two aging heroes discuss the proper temperature to drink beer at (spoiler: it's not 20 degrees as CAMRA would make you believe) and the ins and outs of basic and enhanced security on our beloved operating system. If you ever wanted to know more about Linux Security Modules, AppArmor and SELinux and how dames of negotiable affections relate to these concepts, this show is for you.



Comments


Comment #1 posted on 2021-03-25 16:06:25 by nobody

Other MAC implementations

In the episode you weren't quite sure if there are other MACs for Linux besides SELinux and AppArmor and indeed, there are!

There is Smack, which is quite uninteresting as it's just another label-based MAC, similar to SELinux.

To me the interesting one is TOMOYO which started as a pathname based filesystem similar to AppArmor but later started differentiating between applications based on their process invocation history. This means you can apply different policies on say /bin/sh depending on the chain of execution leading to it (kernel -> init -> getty -> login -> sh VS kernel -> init -> sshd -> sh). While this is also possible in AppArmor it is quite a lot more manual work and more difficult to reason about.

TOMOYO also has much nicer tools than either of the more well known MACs. SELinux has given MAC a bad name as being hard and laborious to manage. If instead of SELinux people would be first introduced to TOMOYO they would probably be much more inclined to implement a MAC.
