#apparmor

🚀 Несерьёзный Выдумщик 👨‍🔬<p>A good and <a href="https://habr.com/ru/articles/541190/" rel="nofollow noopener noreferrer" target="_blank">worthwhile article</a> about the security of <a href="https://shitpost.poridge.club/tags/Android" rel="nofollow noopener noreferrer" target="_blank">#Android</a><span> devices with an unlocked bootloader.<br>It examines the boot process of several versions of Android systems in detail and from different angles, including </span><a href="https://shitpost.poridge.club/tags/LineageOS" rel="nofollow noopener noreferrer" target="_blank">#LineageOS</a><span> and the types of firmware builds.<br>It covers how </span><a href="https://shitpost.poridge.club/tags/Magisk" rel="nofollow noopener noreferrer" target="_blank">#Magisk</a> works and the ways of obtaining root by various means, taking <a href="https://shitpost.poridge.club/tags/SELinux" rel="nofollow noopener noreferrer" target="_blank">#SELinux</a> contexts into account, as well as working through <a href="https://shitpost.poridge.club/tags/adb" rel="nofollow noopener noreferrer" target="_blank">#adb</a><span> (and in which cases it has root privileges).<br>The article is long, but useful for "getting the picture" without simplifications and with the technical details.<br><br>TL;DR<br>It is silly to power off a device when it is left unattended, and the scenario described does not apply to a device that is already running (fully booted, switched on). But if the device unexpectedly turns out to be powered off, you must not switch it on and enter the PIN/password. First you need to check the contents of the partitions (for one kind of "payload" or another). That is, boot via </span><code>fastboot</code>, reflash the recovery (<a href="https://shitpost.poridge.club/tags/TWRP" rel="nofollow noopener noreferrer" target="_blank">#TWRP</a> or <a href="https://shitpost.poridge.club/tags/OrangeFox" rel="nofollow noopener noreferrer" target="_blank">#OrangeFox</a><span>) and comb through/restore the partitions.<br><br>It shows very clearly why an OS needs things like mandatory access control (MAC):<br>• </span><a href="https://shitpost.poridge.club/tags/SELinux" rel="nofollow noopener noreferrer" target="_blank">#SELinux</a><span> (authored by the US NSA),<br>• </span><a href="https://shitpost.poridge.club/tags/AppArmor" rel="nofollow noopener noreferrer" target="_blank">#AppArmor</a><span> (via Novell &amp; Immunix),<br>• the Russian counterpart in AstraLinux.<br><br>I was pointed to the article by </span><a href="https://social.openhood.ru/@sun_rise" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@sun_rise@social.openhood.ru</a><span> <br><br></span><a href="https://shitpost.poridge.club/tags/AndroidSecurity" rel="nofollow noopener noreferrer" target="_blank">#AndroidSecurity</a> <a href="https://shitpost.poridge.club/tags/MAC" rel="nofollow noopener noreferrer" target="_blank">#MAC</a> <a href="https://shitpost.poridge.club/tags/security" rel="nofollow noopener noreferrer" target="_blank">#security</a> <a href="https://shitpost.poridge.club/tags/privacy" rel="nofollow noopener noreferrer" target="_blank">#privacy</a><span><br></span><a href="https://mastodon.social/@russian_mastodon" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@russian_mastodon@mastodon.social</a> <a href="https://3zi.ru/@Russia" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@Russia@3zi.ru</a> <a href="https://social.sley.nl/@rur" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@rur@social.sley.nl</a></p>
openSUSE Linux<p>Find out what happened in this <a href="https://fosstodon.org/tags/oSC25" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>oSC25</span></a> talk about the switch of <a href="https://fosstodon.org/tags/SELinux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SELinux</span></a> as the default MAC system in <a href="https://fosstodon.org/tags/openSUSE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>openSUSE</span></a> Tumbleweed. This talk will explore the shift from <a href="https://fosstodon.org/tags/AppArmor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AppArmor</span></a> and the lessons learned. A must-watch for those following system security! 🐧 <a href="https://fosstodon.org/tags/Linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Linux</span></a> <a href="https://fosstodon.org/tags/openSUSE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>openSUSE</span></a> <a href="https://youtu.be/8wBLbhSjDwE?si=1fOBIHkq1KkU5ynV" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">youtu.be/8wBLbhSjDwE?si=1fOBIH</span><span class="invisible">kq1KkU5ynV</span></a></p>
Solus<p>Heya, folks! We have an update on <a href="https://floss.social/tags/Snap" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Snap</span></a> and <a href="https://floss.social/tags/AppArmor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AppArmor</span></a> support in <a href="https://floss.social/tags/Solus" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Solus</span></a>. We are holding off on our planned Snap support removal for now, as there has been recent progress in upstreaming the AppArmor patch set to the <a href="https://floss.social/tags/Linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Linux</span></a> kernel. We still recommend <a href="https://floss.social/tags/Flatpak" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Flatpak</span></a>, which has integration in GNOME Software and KDE Discover.</p><p>Read more about it on our blog: <a href="https://getsol.us/2025/05/05/snapd-update/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">getsol.us/2025/05/05/snapd-upd</span><span class="invisible">ate/</span></a></p><p>- Evan</p>
Linux G. Fossman<p><span class="h-card" translate="no"><a href="https://framapiaf.org/@debacle" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>debacle</span></a></span> <span class="h-card" translate="no"><a href="https://mastodon.social/@alatiera" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>alatiera</span></a></span> That's great - I love <a href="https://social.vivaldi.net/tags/Debian" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Debian</span></a> : ) I do wish, however, that <a href="https://social.vivaldi.net/tags/sandboxing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>sandboxing</span></a> native apps on Debian using <a href="https://social.vivaldi.net/tags/AppArmor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AppArmor</span></a> was as <a href="https://social.vivaldi.net/tags/noobeasy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>noobeasy</span></a>* as using <a href="https://social.vivaldi.net/tags/flatpak" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>flatpak</span></a> apps with <a href="https://social.vivaldi.net/tags/Flatseal" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Flatseal</span></a>. 
</p><p><a href="https://social.vivaldi.net/tags/noobeasy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>noobeasy</span></a> <a href="https://social.vivaldi.net/tags/noobsimple" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>noobsimple</span></a> <a href="https://social.vivaldi.net/tags/newword" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>newword</span></a> <a href="https://social.vivaldi.net/tags/neword" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>neword</span></a> <a href="https://social.vivaldi.net/tags/did_i_just_invent_a_new_word" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>did_i_just_invent_a_new_word</span></a>?</p>
varx/tech<p>I've seen <a href="https://infosec.exchange/tags/AppArmor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AppArmor</span></a> used primarily to *harden* the security of an existing program. Is it also reasonable to use it to *sandbox* known-malicious code? Or are other methods required?</p><p>(I assume you also want ulimit or similar on the side, but that's to prevent resource consumption attacks rather than sandbox escapes.)</p><p><a href="https://infosec.exchange/tags/Linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Linux</span></a> <a href="https://infosec.exchange/tags/sandboxing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>sandboxing</span></a></p>
Linux Magazine<p><span class="h-card" translate="no"><a href="https://fosstodon.org/@opensuse" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>opensuse</span></a></span> Tumbleweed rolling release moves from AppArmor to SELinux for its underlying security layer<br><a href="https://www.linux-magazine.com/Online/News/openSUSE-Tumbleweed-Ditches-AppArmor-for-SELinux" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">linux-magazine.com/Online/News</span><span class="invisible">/openSUSE-Tumbleweed-Ditches-AppArmor-for-SELinux</span></a><br><a href="https://fosstodon.org/tags/openSUSE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>openSUSE</span></a> <a href="https://fosstodon.org/tags/Tumbleweed" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Tumbleweed</span></a> <a href="https://fosstodon.org/tags/AppArmor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AppArmor</span></a> <a href="https://fosstodon.org/tags/SELinux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SELinux</span></a> <a href="https://fosstodon.org/tags/Linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Linux</span></a> <a href="https://fosstodon.org/tags/OpenSource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenSource</span></a> <a href="https://fosstodon.org/tags/distro" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>distro</span></a> <a href="https://fosstodon.org/tags/FOSS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FOSS</span></a> <a href="https://fosstodon.org/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a></p>
LinuxNews.de<p>News from openSUSE<br><a href="https://linuxnews.de/neues-von-opensuse/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">linuxnews.de/neues-von-opensus</span><span class="invisible">e/</span></a> <a href="https://social.anoxinon.de/tags/opensuse" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>opensuse</span></a> <a href="https://social.anoxinon.de/tags/sles" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>sles</span></a> <a href="https://social.anoxinon.de/tags/tumbleweed" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>tumbleweed</span></a> <a href="https://social.anoxinon.de/tags/apparmor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>apparmor</span></a> <a href="https://social.anoxinon.de/tags/selinux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>selinux</span></a> <a href="https://social.anoxinon.de/tags/uefi" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>uefi</span></a></p>
openSUSE Linux<p>Starting with snapshot 20250211, <a href="https://fosstodon.org/tags/SELinux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SELinux</span></a> becomes the default <a href="https://fosstodon.org/tags/MAC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MAC</span></a> system for new installs, boosting security! 🔒 <a href="https://fosstodon.org/tags/AppArmor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AppArmor</span></a> is still optional. The first <a href="https://fosstodon.org/tags/boot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>boot</span></a> might take a little time. <a href="https://fosstodon.org/tags/openSUSE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>openSUSE</span></a> <a href="https://fosstodon.org/tags/Tumbleweed" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Tumbleweed</span></a> <a href="https://news.opensuse.org/2025/02/13/tw-plans-to-adopt-selinux-as-default/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">news.opensuse.org/2025/02/13/t</span><span class="invisible">w-plans-to-adopt-selinux-as-default/</span></a></p>
Tom<p><span class="h-card" translate="no"><a href="https://piou.foolbazar.eu/@joel" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>joel</span></a></span> I've used <a href="https://mastodon.bsd.cafe/tags/apparmor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>apparmor</span></a> before but it is a real pain to get working. You have to set it in warn mode while you tweak the permissions and it's rounds of trial &amp; error. Only after that you tell it to enforce and it has locked that process down properly. </p><p>Some apps will undoubtedly be easier than others. I've had to do it on PHP web apps and it was a nightmare.</p>
boredsquirrel<p><span class="h-card" translate="no"><a href="https://floss.social/@kde" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>kde@floss.social</span></a></span> <span class="h-card" translate="no"><a href="https://lemmy.kde.social/c/kde" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>kde@lemmy.kde.social</span></a></span> </p><p>Thx for the info, then it is like that.</p><p>Here is the goal proposal</p><p><a href="https://phabricator.kde.org/T17370" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">phabricator.kde.org/T17370</span><span class="invisible"></span></a></p><p>Tbh, <a href="https://tux.social/tags/bubblewrap" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bubblewrap</span></a> would need to be fixed drastically to be as secure as the <a href="https://tux.social/tags/Android" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Android</span></a> <a href="https://tux.social/tags/sandbox" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>sandbox</span></a>. 
And (I am not sure yet) I think even <a href="https://tux.social/tags/Snaps" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Snaps</span></a> are more secure (on <a href="https://tux.social/tags/Ubuntu" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Ubuntu</span></a> with <a href="https://tux.social/tags/Apparmor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Apparmor</span></a> patches) than <a href="https://tux.social/tags/Flatpak" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Flatpak</span></a> with the current system.</p><p>As far as I understood, sandboxing needs to happen in <a href="https://tux.social/tags/userspace" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>userspace</span></a>, with tools like <a href="https://tux.social/tags/fuse" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>fuse</span></a> doing the work while being restricted by <a href="https://tux.social/tags/MAC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MAC</span></a> like <a href="https://tux.social/tags/SELinux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SELinux</span></a> or Apparmor.</p>
Ascendor<p>Here, <a href="https://social.tchncs.de/tags/Linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Linux</span></a> people: </p><p><a href="https://social.tchncs.de/tags/AppArmor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AppArmor</span></a> or <a href="https://social.tchncs.de/tags/SELinux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SELinux</span></a> - what would you prefer (and for what reasons)?</p>
Zygmunt Krynicki<p>I'm working on running <a href="https://fosstodon.org/tags/apparmor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>apparmor</span></a> end-to-end tests upstream, so that there are fewer regressions and better compatibility across different distributions and kernels.</p><p>I've been posting about it at <a href="https://lists.ubuntu.com/archives/apparmor/2024-November/013407.html" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">lists.ubuntu.com/archives/appa</span><span class="invisible">rmor/2024-November/013407.html</span></a> and I've also opened an initial pull request at <a href="https://gitlab.com/apparmor/apparmor/-/merge_requests/1432" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">gitlab.com/apparmor/apparmor/-</span><span class="invisible">/merge_requests/1432</span></a></p><p>I am very happy to have time to work on improving upstream state of the art for everyone using apparmor :-)</p>
Programmer 832-529 🍅<p>I've uploaded the <a href="https://social.dropbear.xyz/tags/Debian" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Debian</span></a> <a href="https://social.dropbear.xyz/tags/WordPress" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>WordPress</span></a> release 6.7 packages last night. I've re-jigged the auto update code so it doesn't complain; if you're using the package you're using Debian updates. Also the <a href="https://social.dropbear.xyz/tags/AppArmor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AppArmor</span></a> profile will probably need tweaking as it looks like there is another directory.</p>
Grimmauld<p>I am currently working on <a href="https://mastodon.grimmauld.de/tags/apparmor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>apparmor</span></a> support for <a href="https://mastodon.grimmauld.de/tags/nixos" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>nixos</span></a> making profile definitions declared in the apparmor.d project available and functional.</p><p>You can read up on my initial approach at <a href="https://hedgedoc.grimmauld.de/s/hWcvJEniW#" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">hedgedoc.grimmauld.de/s/hWcvJE</span><span class="invisible">niW#</span></a>. I am not done yet! Pull Requests into nixpkgs will come after 24.11 branch-off. In the meantime, progress will be shared here on mastodon.</p>
jbz<p>🔓 The Insecurity of Debian </p><p>「 In a SELinux environment, a compromised container faces substantial hurdles in accessing or affecting the host system or other containers, thanks to the dual barriers of type enforcement and MCS labels 」</p><p><a href="https://unix.foo/posts/insecurity-of-debian/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">unix.foo/posts/insecurity-of-d</span><span class="invisible">ebian/</span></a></p><p><a href="https://indieweb.social/tags/debian" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>debian</span></a> <a href="https://indieweb.social/tags/redhat" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>redhat</span></a> <a href="https://indieweb.social/tags/selinux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>selinux</span></a> <a href="https://indieweb.social/tags/apparmor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>apparmor</span></a></p>
fenix<p>How to authorize running an <a href="https://mastodon.uno/tags/AppImage" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AppImage</span></a> on the desktop so that <a href="https://mastodon.uno/tags/AppArmor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AppArmor</span></a> does not block it.</p><p><a href="https://vitforlinux.wordpress.com/2024/07/18/come-autorizzare-lesecuzione-di-un-appimage-sul-desktop-in-modo-che-apparmor-non-la-blocchi/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">vitforlinux.wordpress.com/2024</span><span class="invisible">/07/18/come-autorizzare-lesecuzione-di-un-appimage-sul-desktop-in-modo-che-apparmor-non-la-blocchi/</span></a></p><p><a href="https://mastodon.uno/tags/UnoLinux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>UnoLinux</span></a> <a href="https://mastodon.uno/tags/linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>linux</span></a></p>
OMG! Ubuntu!<p>Ubuntu Fast-Tracks AppArmor Fix for Flatpak Apps Failing to Start in Ubuntu</p><p>The recent update to AppArmor to fix issues with 3rd-party apps unable to run on Ubuntu 24.04 LTS due to its security hardening inadvertently prevents a fleet of popular Flatpak apps from running. The Telegram Desktop, KeePassXC, and Steam clients are among Flatpak apps affected, some throwing an apparmor="DENIED" error apparently due to the AppArmor profile for the Bubblewrap sandboxing tool (used by many Linux apps) in the prior update. To be clear: snap, DEB, and binary versions of the software above aren’t affected, only Flatpaks. But good news: Ubuntu’s developers got to work to identify the cause, aided by :sys_more_orange:<br><a href="https://hello.2heng.xin/tags/News" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>News</span></a> <a href="https://hello.2heng.xin/tags/Apparmor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Apparmor</span></a> <a href="https://hello.2heng.xin/tags/Bugs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Bugs</span></a> <a href="https://hello.2heng.xin/tags/FlatpakApps" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FlatpakApps</span></a> <a href="https://hello.2heng.xin/tags/Ubuntu24_04Lts" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Ubuntu24_04Lts</span></a> </p><p>:sys_omgubuntu: <a href="https://www.omgubuntu.co.uk/2024/07/ubuntu-apparmor-fix-for-telegram-flatpak" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">omgubuntu.co.uk/2024/07/ubuntu</span><span class="invisible">-apparmor-fix-for-telegram-flatpak</span></a></p>
Thorsten Leemhuis (acct. 1/4)<p>TIL: <a href="https://fosstodon.org/tags/Ubuntu" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Ubuntu</span></a> apparently carries a "huge" <a href="https://fosstodon.org/tags/AppArmor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AppArmor</span></a> patchset in their <a href="https://fosstodon.org/tags/Linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Linux</span></a> <a href="https://fosstodon.org/tags/kernel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>kernel</span></a>:</p><p>"'To start with, the patchset is huge; it is upwards of 60 separate patches, making it a significant maintenance burden. Since the set is maintained and updated by <a href="https://fosstodon.org/tags/Canonical" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Canonical</span></a>, we can only update to a new kernel after they’ve updated all of those patches, which sometimes takes a long time, or even doesn’t happen at all, as with the 6.9 kernel series.'"</p><p><a href="https://getsol.us/2024/07/15/dropping-apparmor-kernel-patches/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">getsol.us/2024/07/15/dropping-</span><span class="invisible">apparmor-kernel-patches/</span></a> <a href="https://fosstodon.org/tags/LinuxKernel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LinuxKernel</span></a></p>
Solus :solus:<p>Heya folks! We just made a new blog post about kernel AppArmor patches and Snap support. Check it out on our website: <a href="https://getsol.us/2024/07/15/dropping-apparmor-kernel-patches/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">getsol.us/2024/07/15/dropping-</span><span class="invisible">apparmor-kernel-patches/</span></a></p><p><a href="https://fosstodon.org/tags/Solus" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Solus</span></a> <a href="https://fosstodon.org/tags/Linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Linux</span></a> <a href="https://fosstodon.org/tags/AppArmor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AppArmor</span></a> <a href="https://fosstodon.org/tags/Snap" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Snap</span></a> <a href="https://fosstodon.org/tags/OpenSource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenSource</span></a></p><p>- Evan</p>
OMG! Ubuntu!<p>AppArmor Update Coming to Fix Broken Apps in Ubuntu 24.04</p><p>If you’ve been experiencing issues getting some apps to run or work properly in Ubuntu 24.04 LTS it may be down to the distro using AppArmor to restrict the creation of user namespaces. This change (which I touched on in my article look at what’s new in Ubuntu 24.04 LTS) is there to bolster security. After all, no-one wants icky apps free to do icky things, unchecked. But the change means AppArmor policies are (somewhat expectedly) preventing some apps from running at all, and breaking features in other apps if they rely on components AppArmor isn’t configured to allow. When :sys_more_orange:<br><a href="https://hello.2heng.xin/tags/News" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>News</span></a> <a href="https://hello.2heng.xin/tags/Apparmor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Apparmor</span></a> <a href="https://hello.2heng.xin/tags/Security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Security</span></a> <a href="https://hello.2heng.xin/tags/Ubuntu24_04Lts" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Ubuntu24_04Lts</span></a> </p><p>:sys_omgubuntu: <a href="https://www.omgubuntu.co.uk/2024/06/apparmor-update-fix-coming-ubuntu" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">omgubuntu.co.uk/2024/06/apparm</span><span class="invisible">or-update-fix-coming-ubuntu</span></a></p>