[a / b / c / d / e / f / g / gif / h / hr / k / m / o / p / r / s / t / u / v / vg / vm / vmg / vr / vrpg / vst / w / wg] [i / ic] [r9k / s4s / vip] [cm / hm / lgbt / y] [3 / aco / adv / an / bant / biz / cgl / ck / co / diy / fa / fit / gd / hc / his / int / jp / lit / mlp / mu / n / news / out / po / pol / pw / qst / sci / soc / sp / tg / toy / trv / tv / vp / vt / wsg / wsr / x / xs] [Settings] [Search] [Mobile] [Home]
Board
Settings Mobile Home
/g/ - Technology
Return Catalog Bottom Refresh
Thread archived.
You cannot reply anymore.
[Advertise on 4chan]
[Return] [Catalog] [Bottom]
Anonymous Archived
11/02/25(Sun)10:26:19 No.107082110
File: IMG_1184.jpg (17 KB, 650x400)
17 KB
17 KB JPG
Anonymous 11/02/25(Sun)10:26:19 No.107082110 Archived
All distros should come with this
>>
Anonymous
11/02/25(Sun)10:27:51 No.107082125
Anonymous 11/02/25(Sun)10:27:51 No.107082125
>>107082110
>All distros should come with this
Why? Explain your reason OP?
>>
Anonymous
11/02/25(Sun)10:28:53 No.107082137
Anonymous 11/02/25(Sun)10:28:53 No.107082137
>>107082125
because nsa said so.
>>
Anonymous
11/02/25(Sun)10:30:15 No.107082156
Anonymous 11/02/25(Sun)10:30:15 No.107082156
>>107082125
Because it sandboxes everything. Its just better to have.
>>
Anonymous
11/02/25(Sun)10:30:50 No.107082164
Anonymous 11/02/25(Sun)10:30:50 No.107082164
>>107082110
not wrong
>>
Anonymous
11/02/25(Sun)10:31:04 No.107082166
Anonymous 11/02/25(Sun)10:31:04 No.107082166
>>107082110
nsa backdoor?
>>
Anonymous
11/02/25(Sun)10:32:52 No.107082178
Anonymous 11/02/25(Sun)10:32:52 No.107082178
>>107082110
Use case?
>>
Anonymous
11/02/25(Sun)10:34:21 No.107082194
Anonymous 11/02/25(Sun)10:34:21 No.107082194
>>107082156
>Because it sandboxes everything. Its just better to have.
Why not apparmor?
>>
Anonymous
11/02/25(Sun)10:36:14 No.107082203
Anonymous 11/02/25(Sun)10:36:14 No.107082203
>>107082110
All serious distros do.
>>
Anonymous
11/02/25(Sun)10:36:53 No.107082214
Anonymous 11/02/25(Sun)10:36:53 No.107082214
>>107082110
True! It's so simple but effective sadly only available by giga chad company distros, (or set it up yourself lmao), that care about their users (openSUSE, Fedora, Android). Imho it's even better than a AntiVirus, because it prevents Apps from doing shit, not just WHEN they are doing shit *altert* I know, you can make the argument "don't you trust your repo?" Sure, I do, but better safe, than sorry, people shit on chromeos, but there is a reason why they use the linux kernel and SELinux "but it's muh system, SELinux is from the gov!!!" nigger it's open sauce. "
>>
Anonymous
11/02/25(Sun)10:38:36 No.107082224
Anonymous 11/02/25(Sun)10:38:36 No.107082224
>>107082194
I'd use AppArmor on non rpm distros, because setting up SELinux is cancer.
>>
Anonymous
11/02/25(Sun)10:41:37 No.107082250
Anonymous 11/02/25(Sun)10:41:37 No.107082250
>>107082110
It's pretty good. Wish it was more obvious/intuitive when its the reason you cant run something but otherwise I'm impressed. Ive had this + fedora coreos for a while now and happy with how easy it is to manage. At my work as part of our general ansible playbook we disable selinux. Got hacked last year, not very good.
>>
Anonymous
11/02/25(Sun)10:42:45 No.107082263
Anonymous 11/02/25(Sun)10:42:45 No.107082263
>>107082110
AppArmor is better.
>>
Anonymous
11/02/25(Sun)10:44:05 No.107082276
Anonymous 11/02/25(Sun)10:44:05 No.107082276
>>107082263
>AppArmor is better.
Do you actually believe that or do you just want to be contrarian?
>>
Anonymous
11/02/25(Sun)10:47:47 No.107082307
Anonymous 11/02/25(Sun)10:47:47 No.107082307
>>107082194
Because you have to set up the profiles manually then.
>>
Anonymous
11/02/25(Sun)11:04:38 No.107082460
Anonymous 11/02/25(Sun)11:04:38 No.107082460
>>107082276
>Do you actually believe that
Yes, I do.

SELinux gives you more granularity with labels instead of AppArmor's types, but this goes at the cost of complexity. And as shit growths, it becomes harder and harder to understand what is even going on with. So as result, you also now getting more holes that can be potentially pocked without your awareness; there's no way you understand all these rules. Or shit becomes too rigid to do anything useful. People then give it a try to wrestle the system, only to eventually realize what nightmare it actually is. And then do what >>107082250 described - they just entirely turn it off and move on.

And yeah, AppArmor isn't as powerful, but it's very rarely stays in the way. And unlike SELinux I never had problems debugging it, to figure out what the problem is.
[Return] [Catalog] [Top]
Post a Reply
Return Catalog Top Refresh
[Advertise on 4chan]
Delete Post: [File Only] Style:
[Disable Mobile View / Use Desktop Site]

[Enable Mobile View / Use Mobile Site]

All trademarks and copyrights on this page are owned by their respective parties. Images uploaded are the responsibility of the Poster. Comments are owned by the Poster.