[Solved] Should MX have apparmor installed and configured by default like Ubuntu?

Raymzap
Forum Regular
Posts: 104
Joined: Mon Aug 25, 2014 9:40 am

Re: Should MX have apparmor installed and configured by default like Ubuntu?

#21 Post by Raymzap » Wed Feb 21, 2018 4:02 pm

stsoh wrote:alright, it is simple to disable apparmor if it is activated in future.
add apparmor=0 in kernel parameters.
edit /etc/default/grub file. update-grub and reboot.

GRUB_CMDLINE_LINUX_DEFAULT="quiet splash apparmor=0"

for those who don't know how to do this, use grub customizer as in pic, save, exit and reboot.

note:
two securities may be the cause of app breakages over the years.
in the future, when both selinux and apparmor securities are activated,
pick one of these candies, apparmor=0 or selinux=0. choose your favor. :happy:

Handy tips there, thanks. :happy:
GNU/Linux User #470660

Linus Torvalds: "Microsoft isn't evil, they just make really crappy operating systems."

skidoo
Forum Regular
Posts: 884
Joined: Tue Sep 22, 2015 6:56 pm

Re: [Solved] Should MX have apparmor installed and configured by default like Ubuntu?

#22 Post by skidoo » Wed Feb 21, 2018 9:36 pm

The topic is tricky and I already did a web search. I came here to try to get a more solid answer.
Aye, a websearch risks finding outdated or inaccurate (for a specific distribution) information.
By now, you probably realize that due to the huge scope of the OP question, a "solid" answer would require a treatise+citations or a curated list of "suggested reading" reference links. Still, as an ongoing topic, it'll be beneficial to continue trading "tips" and "anecdotes" here.

oops
Forum Regular
Posts: 396
Joined: Tue Apr 10, 2018 5:07 pm

Re: Should MX have apparmor installed and configured by default like Ubuntu?

#23 Post by oops » Wed Sep 12, 2018 4:52 am

stsoh wrote:
Wed Feb 21, 2018 12:19 am
alright, it is simple to disable apparmor if it is activated in future.
add apparmor=0 in kernel parameters.
edit /etc/default/grub file. update-grub and reboot.

GRUB_CMDLINE_LINUX_DEFAULT="quiet splash apparmor=0"

for those who don't know how to do this, use grub customizer as in pic, save, exit and reboot.

note:
two securities may be the cause of app breakages over the years.
in the future, when both selinux and apparmor securities are activated,
pick one of these candies, apparmor=0 or selinux=0. choose your favor. :happy:

... Good point, your easy On/Off switch. So the question remains ... apparmor, selinux, something else or nothing: which is recommended by default in the MX17 distro? ... apparmor should be the easiest?

Edit & FI:
https://security.stackexchange.com/ques ... nd-selinux
These security systems provide tools to isolate applications from each other... and in turn isolate an attacker from the rest of the system when an application is compromised.

SELinux rule sets are incredibly complex but with this complexity you have more control over how processes are isolated. Generating these policies can be automated. A strike against this security system is that it's very difficult to independently verify.

AppArmor (and SMACK) is very straightforward. The profiles can be hand written by humans, or generated using aa-logprof. AppArmor uses path based control, making the system more transparent so it can be independently verified.
$ inxi -S : System: Host:XEON Kernel: 4.16.0-xeon-01.efi x86_64 bits: 64 Desktop: Xfce 4.12.3 - Distro: MX-17.1_x64 Horizon
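
Added example (not part of any post in this thread): a small check that reports whether a grub defaults file or a kernel command line carries the apparmor=0 / selinux=0 switch discussed above. The function names and the sample file content are constructed for illustration; the parameter-ordering rules are assumptions stated in the comments.

```shell
#!/bin/sh
# Added example, not from the thread: report whether boot parameters switch
# AppArmor or SELinux off. Sample file content below is constructed.

# lsm_param_state NAME CMDLINE -> prints off, on or unset.
# Assumption: if a parameter is repeated, the last occurrence decides.
lsm_param_state() {
    name=$1
    state=unset
    set -f                      # no glob expansion while splitting the line
    for word in $2; do
        case $word in
            "$name"=0) state=off ;;
            "$name"=1) state=on ;;
        esac
    done
    set +f
    printf '%s\n' "$state"
}

# grub_cmdline FILE -> kernel parameters set in a grub defaults file.
# Assumption: grub-mkconfig emits GRUB_CMDLINE_LINUX before
# GRUB_CMDLINE_LINUX_DEFAULT; only double-quoted, uncommented values are read.
grub_cmdline() {
    for key in GRUB_CMDLINE_LINUX GRUB_CMDLINE_LINUX_DEFAULT; do
        sed -n "s/^[[:space:]]*$key=\"\(.*\)\"[[:space:]]*\$/\1/p" "$1" | tail -n 1
    done | tr '\n' ' '
}

# audit_lsm CMDLINE -> one "module=state" line per security module.
audit_lsm() {
    for lsm in apparmor selinux; do
        printf '%s=%s\n' "$lsm" "$(lsm_param_state "$lsm" "$1")"
    done
}

sample=$(mktemp)
cat > "$sample" <<'EOF'
# GRUB_CMDLINE_LINUX_DEFAULT="quiet"
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash apparmor=0"
GRUB_CMDLINE_LINUX=""
EOF
audit_lsm "$(grub_cmdline "$sample")"   # what the next boot would get
rm -f "$sample"
# For the running kernel instead: audit_lsm "$(cat /proc/cmdline)"
```

A state of "unset" means no switch is present on the command line, so whatever the kernel build and distribution default to applies.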


Richard
Posts: 2132
Joined: Fri Dec 12, 2008 10:31 am

Re: [Solved] Should MX have apparmor installed and configured by default like Ubuntu?

#24 Post by Richard » Wed Sep 12, 2018 11:23 am

A non-problem; using MX Linux
since its inception in 2014, without incident.

See no reason to install something that MX/antiX devs
have not deemed worthy of including in their ISOs.

On the other hand, if you do have a use case for AppArmor,
then you need to learn all about it. A casual search turned up this:
https://blog.jessfraz.com/post/a-rant-o ... -security/
Seems it is used in Docker and still requires that you
understand why and for what you are using it.
MX171: Lenovo T430: Intel Ivy Bridge i5-3320M, 8GB RAM, 4.18.0-2-amd64, 119GB SSD
MX171: AA1/EeePC: DualCore N270, 1GB RAM, 4.9.126-antix.1-686-smp-pae, 150GB HDD
Doublecmd/Thunar/SpaceFM, LibO613, Dropbox, Firefox, CherryTree, Vbox. LinuxCounter #208633

oops
Forum Regular
Posts: 396
Joined: Tue Apr 10, 2018 5:07 pm

Re: [Solved] Should MX have apparmor installed and configured by default like Ubuntu?

#25 Post by oops » Wed Sep 12, 2018 2:05 pm

Richard wrote:
Wed Sep 12, 2018 11:23 am
A non-problem; using MX Linux
since its inception in 2014, without incident.
...
Hello Richard,
I think (and hope) that it is a non-problem too, but why do the other distributions usually provide SELinux or AppArmor by default? That is the question.
$ inxi -S : System: Host:XEON Kernel: 4.16.0-xeon-01.efi x86_64 bits: 64 Desktop: Xfce 4.12.3 - Distro: MX-17.1_x64 Horizon


skidoo
Forum Regular
Posts: 884
Joined: Tue Sep 22, 2015 6:56 pm

Re: [Solved] Should MX have apparmor installed and configured by default like Ubuntu?

#26 Post by skidoo » Thu Sep 13, 2018 1:29 am

Distributions which target (cater to) use on servers and/or corporate desktop workstations include a "policy enforcement" component (selinux or apparmor) so that in mass deployment scenarios, all "accounting department workstations" use the same-same policy template, all "sales department workstations" are identical... and all servers of a given type, or particular use, within an organization are consistent/identical. That makes possible smooth support, troubleshooting, and upgrade rollouts across identically-apportioned machines.

Gordon Cooper
Forum Guide
Posts: 2073
Joined: Mon Nov 21, 2011 5:50 pm

Re: [Solved] Should MX have apparmor installed and configured by default like Ubuntu?

#27 Post by Gordon Cooper » Thu Sep 13, 2018 1:43 am

I am with Richard on this. No need for apparmor. Have been using MX since a few months after it started, I use it "as delivered", have not found a need to install other bits and pieces, simply because Ubuntu or some other OS was using them. Yes, I have installed a couple of KDE programs, Okular and K3b, but merely because of past experience with them, but I have not asked if they should be in the MX release. MX continues to work very well for me without a heap of additions.
Homebrew64 bit Intel duo core 2 GB RAM, 120 GB Kingston SSD, Seagate1TB.
Primary OS : MX-17.1 64bit. Also MX17, Kubuntu14.04 & Puppy 6.3.
Dell9010, MX-17.1, Win7

oops
Forum Regular
Posts: 396
Joined: Tue Apr 10, 2018 5:07 pm

Re: [Solved] Should MX have apparmor installed and configured by default like Ubuntu?

#28 Post by oops » Thu Sep 13, 2018 3:04 am

Interesting point of view skidoo, so for a normal user it is not absolutely needed.
$ inxi -S : System: Host:XEON Kernel: 4.16.0-xeon-01.efi x86_64 bits: 64 Desktop: Xfce 4.12.3 - Distro: MX-17.1_x64 Horizon

