/g/ - Technology

>the best security feature we have to sandbox programs
>takes hours to configure per program
I want to kill myself, apparmor sisters
>>
>>108816446
Try vibe configuring it.
>>
>>108816446
Use systemd-nspawn instead.
>>
>>108816581
looks like it's on my level
tank yew big sis
>>
@grok write an apparmor config for this app please
>>
>>108816446
SELinux > AppArmor
>>
>>108816690
If he can't figure out apparmor he's definitely not going to figure out SELinux.
>>
>>108816690
SELinux is the ultimate corporate busywork.
Policies can be so idiotically complex, it's unreal.
>>
>>108816690
Literal NSAware
>>
>>108816690
nice try NSA
>>
>>108816446
>best
not even close. just use namespaces.
>>
There are plenty of pre-configured profiles

https://github.com/roddhjav/apparmor.d
>>
>>108816446
I always preferred tomoyo for systemwide hardening and firejail for specific/situational stuff, I only use apparmor because my distro ships it already enabled.
>>
>>108816690
if he already whinges about apparmor config then he's gonna cry rivers about selinux config.
>>
>>108816690
SELinux seems to be more complete in the kernel whereas apparmor has missing parts, but from a configuration standpoint, I think apparmor is significantly more granular by default...
>>
>>108816581
>systemd-NSApawn
>>
>>108816446
You don't need more than seccomp/namespaces/landlock.
seccomp == OpenBSD pledge()
namespaces+landlock == OpenBSD unveil()

The Linux implementations are inferior to OpenBSD obviously, but they serve the same purpose.
>>
>>108816690
>NSAlinux
>>
Selinux mogs it.
>>
>>108821360
>t.
>>
>>108821370
Lazy cunt.
>>
>>108821382
>Lazy cunt.
>>
>>108816446
Just use namespaces... podman for CLI shit and daemons and flatpak for UI shit are perfect and shield you from the usual UNIX retardism of "if an attacker executes one malicious line of code, your entire computer is fucked".

AppArmor and SELinux are archaic attempts to make the old, non-sandboxed model work.
>>
>>108821406
>flatpak for UI shit
The thing is, I want to run an AppImage built with electron. This limits the options I have. I don't think this will work
>>
>>108821334
He probably does for GUI applications
>>
zump


