Arch Linux

Gullible Jones

Member

Registered: 2004-12-29

Posts: 4,863

AppArmor for Arch Linux?

Just a thought... The newest version of Ubuntu is getting AppArmor installed by default. With other distros implementing measures like that, might it not be a good idea to put the necessary stuff in the Current repo? I'm not sure if AppArmor can be loaded as a module(s), but if it can it would be cool and prudent to make it availeble in the main repos.

hussam

Member

Registered: 2006-03-26

Posts: 572

Website

Re: AppArmor for Arch Linux?

How about SELinux? I'm not familiar with any of them but Redhat uses SELinux so unless AppArmor is easier to implment, SELinux might be the better option.

iBertus

Member

From: Greenville, NC

Registered: 2004-11-04

Posts: 2,228

Re: AppArmor for Arch Linux?

I'm not sure about AppArmor but SELinux would require major changes to an existing system. I've been wanting to try it but I'm too lazy to configure Arch to support it.

chaosgeisterchen

Member

From: Kefermarkt, Upper Austria

Registered: 2006-11-20

Posts: 550

Re: AppArmor for Arch Linux?

Trying out SELinux seems to work with Arch, look here.

I haven't tried it all myself, though.

---

celestary
Intel Core2Duo E6300 @ 1.86 GHz
kernel26
KDEmod current repository

FeatherMonkey

Member

Registered: 2007-02-26

Posts: 313

Re: AppArmor for Arch Linux?

I get the impression that AppArmor has the ease of use but also get the feeling that SELinux is far more secure, sure I've seen the discussion on the Suse forums. On the dubious page thats Wiki I found this.

"a file that is inaccessible may become accessible under AppArmor when a hard link is created to it, while SELinux would deny access through the newly created hard link"

ekerazha

Member

Registered: 2007-02-27

Posts: 290

Re: AppArmor for Arch Linux?

I think AppArmor would be a great addition:

1) Easier to implement than SELinux
2) Easier to manage than SELinux
3) Maybe a bit less secure than SELinux BUT being path-based you can also restrict network shares.

So... +1 for AppArmor.

robotangel

Member

From: cologne/germany

Registered: 2007-08-30

Posts: 63

Re: AppArmor for Arch Linux?

+1 for AppArmor because of the easier configuration.

Gullible Jones

Member

Registered: 2004-12-29

Posts: 4,863

Re: AppArmor for Arch Linux?

I get the impression that AppArmor has the ease of use but also get the feeling that SELinux is far more secure, sure I've seen the discussion on the Suse forums. On the dubious page thats Wiki I found this.

"a file that is inaccessible may become accessible under AppArmor when a hard link is created to it, while SELinux would deny access through the newly created hard link"

Wait a minute... Does this mean that if a hard link is made to a file, which is then put under restricted access, access won't be restricted to the link? Or does it mean that you can make a hard link to an already-restricted file and gain immediate access to the contents via the hard link? If the latter, that is a pretty big vulnerability.

(Can a workaround be implemented by telling AppArmor to restrict users' abilities to link to a given file, or does AppArmor not support that?)

broch

Banned

From: L.A. California

Registered: 2006-11-13

Posts: 975

Re: AppArmor for Arch Linux?

well this was an issue with AppArmor. Fixed probably.
Personally I think that grsec kernel is a way to go. SELinux on is not used to its full potential by average user anyway. Even if there is more and more graphical (easy) tools to configure. grsec is easy to implement and rarely is causing any problems while securing system very well.

Another one to consider is RSBAC, faster than SELinux and without obvious SELinux weakness: boot time (check out lkml disscussion about this). RSBAC drawback is a lack of tools that allow easy configuration.

FeatherMonkey

Member

Registered: 2007-02-26

Posts: 313

Re: AppArmor for Arch Linux?

Going on this article it still seems to still stand http://lwn.net/Articles/240652/ also more here http://lwn.net/Articles/240255/

As broch's other suggestion perhaps there's other solutions yet not looked at.

Isn't grsec in aur?

I'd add I don't really know if its been fixed but according to the age of the articles and talk of pathname based-security as being the flaw I'm not so sure it is fixed or will be. Reading it back it seems that careful consideration can make it firm but, for ease of use it may be mis-leading.

Last edited by FeatherMonkey (2007-09-04 14:40:19)

ekerazha

Member

Registered: 2007-02-27

Posts: 290

Re: AppArmor for Arch Linux?

well this was an issue with AppArmor. Fixed probably.
Personally I think that grsec kernel is a way to go. SELinux on is not used to its full potential by average user anyway. Even if there is more and more graphical (easy) tools to configure. grsec is easy to implement and rarely is causing any problems while securing system very well.

Another one to consider is RSBAC, faster than SELinux and without obvious SELinux weakness: boot time (check out lkml disscussion about this). RSBAC drawback is a lack of tools that allow easy configuration.

I think we should stick to a cleaner, LSM-based solution, like SELinux or AppArmor.

broch

Banned

From: L.A. California

Registered: 2006-11-13

Posts: 975

Re: AppArmor for Arch Linux?

cleaner than what exactly?
An why SELinux hawing security issues with boot time is cleaner than anything?
Have you actually used RSBAC, grsecurity, SELinux and AppArmor?
you should really check lklm about SELinux issues.

ekerazha

Member

Registered: 2007-02-27

Posts: 290

Re: AppArmor for Arch Linux?

cleaner than what exactly?
An why SELinux hawing security issues with boot time is cleaner than anything?
Have you actually used RSBAC, grsecurity, SELinux and AppArmor?
you should really check lklm about SELinux issues.

Cleaner than not-LSM solutions.

I've used grsecurity, AppArmor, OpenBSD...

Actually I'd suggest "TOMOYO" v2 (LSM): http://tomoyo.sourceforge.jp (it's very similar to AppArmor). Differences: http://tomoyo.sourceforge.jp/wiki-e/?WhatIs#yf491ee8

Last edited by ekerazha (2007-11-15 16:09:12)

broch

Banned

From: L.A. California

Registered: 2006-11-13

Posts: 975

Re: AppArmor for Arch Linux?

I asked because LSM has nothing to do with SELinux or RSBAC. LSM is a framework interface only. It may or may not be used by SELinux, it will not be used by RSBAC (and there are good reasons not to use LSM). Comparing LSM to RSBAC or SELinix simply makes no sense. It is more or less like comparing KDE to kernel.
maybe you missed this but LSM is not considered as peak achievement of security. In fact this is a weakness.

In fact not that long time ago there was a discussion about removing LSM altogether. SELinux does not need LSM, it may use different interface

I like this quote from lkml (October 2007):

It does not take a person that high so see that LSM is a screwup leading to people being out of
touch with the main security model and its neglect.

as you see no "clean" praise.

In general however these (SELinux, RSBAC, grsecurity) are different approaches, never ever head about cleaner when these were compared.. AppArmor is completely different approach as it tries to apply security at the application level, which is not considered as a real hard core security (not that this would be needed by average desktop user)

Really not sure what OBSD has to do with linux security as even with SELinux. OBSD code is more secure (as it is much better, closed scrutinized for any possible security holes), but you would have to compare OBSD tools to SELinux which is different from comparing tool (SELinux) and OS (OBSD).

Last edited by broch (2007-11-16 01:43:51)

VikM

Member

Registered: 2007-11-10

Posts: 50

Re: AppArmor for Arch Linux?

Compiler/linker flags are used at least by some distributions for hardening the applications. Compiler options as -fstack-protector(-all), -fPIE and linker options like -pie, -z relro, -z now, -z noexecstack can improve security and they are in available in the standard tools (gcc, binutils,...).

As for kernel-level security, right now only SELinux is in the official kernel, so I think this is the one to choose following the Arch way. I don't think it will happen soon, if ever, because is quite complicated and lot of packages packages should provide a policy.

My personal choice is pax/grsecurity.

Related post http://bbs.archlinux.org/viewtopic.php?id=39732

ekerazha

Member

Registered: 2007-02-27

Posts: 290

Re: AppArmor for Arch Linux?

I asked because LSM has nothing to do with SELinux or RSBAC.

SELinux (can) uses LSM.

LSM is a framework interface only.

Nobody said the opposite.

It may or may not be used by SELinux, it will not be used by RSBAC (and there are good reasons not to use LSM).

Nobody said the opposite.

Comparing LSM to RSBAC or SELinix simply makes no sense. It is more or less like comparing KDE to kernel.

Nobody compared them: what's wrong with you?

maybe you missed this but LSM is not considered as peak achievement of security. In fact this is a weakness.

In fact not that long time ago there was a discussion about removing LSM altogether. SELinux does not need LSM, it may use different interface

I like this quote from lkml (October 2007):

It does not take a person that high so see that LSM is a screwup leading to people being out of
touch with the main security model and its neglect.

as you see no "clean" praise.

Maybe LSM isn't the "best possible framework", but it's the one that is currently inside the Linux kernel... and it's cleaner to use this framework instead of filling the source with customized "hard coded code".

In general however these (SELinux, RSBAC, grsecurity) are different approaches, never ever head about cleaner when these were compared..

Different approaches to obtain a very similar result.

AppArmor is completely different approach as it tries to apply security at the application level, which is not considered as a real hard core security (not that this would be needed by average desktop user)

What are you talking about?

Really not sure what OBSD has to do with linux security as even with SELinux. OBSD code is more secure (as it is much better, closed scrutinized for any possible security holes), but you would have to compare OBSD tools to SELinux which is different from comparing tool (SELinux) and OS (OBSD).

Nobody compared them, it's just a security oriented system.

Last edited by ekerazha (2007-11-16 15:45:19)