"Expanded Security Maintenance for Applications" shown every time I log on!

Ralf Mardorf kde.lists at yahoo.com
Sun Mar 12 19:20:43 UTC 2023


On Sun, 2023-03-12 at 18:32 +0100, Bo Berglund wrote:
> And what is apparmor?

Hi,

the MAC infrastructure [1] is especially required for snaps, but also
used as a security measure by non-snap distros. It's similar to SELinux.
I don't use such measures at all and still tend to build kernels with
CONFIG_AUDIT is not set. Disabling AUDIT might make no difference
anymore, due to all the Meltdown and Spectre mitigation. However, it's
arguable if apparmor or SELinux gains much, if the admin doesn't spend a
lot of time setting up rules.

Regards,
Ralf

[1]
"Mandatory access control

Mandatory access control (MAC) is a type of security policy that differs
significantly from the discretionary access control (DAC) used by
default in Arch and most Linux distributions. MAC essentially means that
every action a program could perform that affects the system in any way
is checked against a security ruleset. This ruleset, in contrast to DAC
methods, cannot be modified by users. Using virtually any mandatory
access control system will significantly improve the security of your
computer, although there are differences in how it can be implemented."
- https://wiki.archlinux.org/title/Security#Mandatory_access_control
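
An added example, not part of the message above or of the quoted wiki text: a POSIX shell check for the two things the message mentions, whether the running kernel was built with CONFIG_AUDIT and whether AppArmor or SELinux is among the active LSMs. It assumes the kernel config is at /boot/config-$(uname -r) and the LSM list at /sys/kernel/security/lsm; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: report whether the audit subsystem is compiled in and
# whether AppArmor or SELinux is active. Function names are hypothetical;
# the default paths are assumptions (usual locations on Ubuntu).

# audit_state FILE -> prints "enabled", "disabled" or "unknown"
audit_state() {
    cfg=$1
    [ -r "$cfg" ] || { echo unknown; return 0; }
    if grep -q '^CONFIG_AUDIT=y$' "$cfg"; then
        echo enabled
    elif grep -q '^# CONFIG_AUDIT is not set$' "$cfg"; then
        echo disabled
    else
        echo unknown
    fi
}

# mac_modules FILE -> prints which of apparmor/selinux appear in the
# comma-separated LSM list in FILE, or "none".
# Only the two modules named in the message are checked.
mac_modules() {
    lsm_file=$1
    [ -r "$lsm_file" ] || { echo none; return 0; }
    found=""
    for name in $(tr ',' ' ' < "$lsm_file"); do
        case $name in
            apparmor|selinux) found="${found:+$found }$name" ;;
        esac
    done
    echo "${found:-none}"
}

# report [CONFIG_FILE] [LSM_FILE] -> prints both results for this system
report() {
    echo "audit: $(audit_state "${1:-/boot/config-$(uname -r)}")"
    echo "mac:   $(mac_modules "${2:-/sys/kernel/security/lsm}")"
}

report "$@"
```

An active AppArmor entry only shows that the module is loaded; `aa-status` (from the apparmor package) lists which profiles are actually in enforce mode.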




