What's that? #ubuntusnaps are badly designed for desktop usage? Who knew?
Scroll my feed whydontcha.
#Flatpak, #AppImage, take your pick. Much better integration and uses standard #SELinux - instead of having to suffer #Canonical and their #NotInventedHere syndrome with #AppArmor.
Microsoft's VS Code in Ubuntu's Snap Format Eats Up Disk Space Like Bloatware Even After Removal
https://itsfoss.com/news/vscode-snap-disk-space-issue/
Is there's anyone running a #debian, which don't have this bug ?
> Journal: AppArmor parser error for /etc/apparmor.d in profile
/etc/apparmor.d/tunables/home at line 15: syntax error, unexpected TOK_EQUALS,
expecting TOK_MODE
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126564
I just checked on two of my system, #AppArmor failed on both !
#mastohelp
> sharing helps resolving bugs 😉
SELinux und AppArmor: Mandatory Access Control im Vergleich
Warum du SELinux und AppArmor kennen solltest Als Systemadministrator trägst du die Verantwortung für die Sicherheit deiner Linux-Systeme, und Mandatory Access Control (MAC)-Systeme wie SELinux und AppArmor sind essenzielle Werkzeuge, um Angriffe zu minimieren. Diese Module erweitern die herkömmliche diskretionäre Zugriffssteuerung (DAC) durch feingranulare Richtlinien, die Prozesse einschränken, selbst wenn sie als Root laufen. Du solltest sie beherrschen, weil sie Zero-Day-Exploits […]https://andreas-moor.de/selinux-und-apparmor-mandatory-access-control-im-vergleich/
#apparmor error in #debian after update:
AppArmor-Analysefehler f?r /etc/apparmor.d in profile /etc/apparmor.d/tunables/home in Zeile 15: syntax error, unexpected TOK_EQUALS, expecting TOK_MODE
It seems, that I am not the only one:
https://forums.debian.net/viewtopic.php?t=165501
Any tips?
libvirt manager Could not open Permission denied #apparmor #virtmanager
Transmission on Ubuntu may be denied access to localized Downloads directories due to AppArmor profiles expecting English folder names. Here’s how to fix it.
https://gagor.pro/2025/12/transmission-permission-denied-to-downloads-directory/
I have developed mping-sender over the last few days. It is a simple program that sends a UDP packet to a (freely selectable) multicast address every second. It is therefore well suited for testing multicast. It is partially compatible with the mping client.
Furthermore, it is protected by landlock, seccomp, libcap-ng, AppArmor, and systemd.
Source code: https://codeberg.org/mark22k/mping-sender
#Networking #Programming #dn42 #Multicast #landlock #AppArmor #libseccomp #seccomp #systemd #libcapng
#apparmor output on my system and according to my search as seen on a lot of #ubuntu based systems:
apparmor="STATUS" operation="profile_load" profile="unconfined" name=4D6F6E676F444220436F6D70617373
So where does this entry "4D..." reside ?
All the other entries in the otuput of dmesg have an equivalent in /etc/apparmor.d
And no, there is no such profile with that name on my machine.
🚨 Alerte Proxmox 9 ! 🚨
Mes conteneurs Docker/LXC ne démarraient plus après la mise à jour containerd.io... 🤯
J'ai trouvé l'origine du problème (le conflit AppArmor/runc) et je vous explique la seule façon de le corriger (ou de l'éviter !) pour relancer vos services rapidement.
Le guide complet est sur mon wiki 👇 https://wiki.blablalinux.be/fr/proxmox-9-apparmor-docker-lxc-conflit-demarrage
crazytrace, my network simulation program that generates a crazy topology behind a TAP device to test traceroute implementations, now has an apparmor profile.
Furthermore, I have now implemented capability dropping with libcap-ng, landlock sandboxing (via a blacklist), and seccomp sandboxing (via a blacklist).
https://codeberg.org/mark22k/crazytrace/src/commit/c5eb9eaf8b12266ecad3c3d1e0cd5388f351cc72/apparmor/usr.bin.crazytrace
https://codeberg.org/mark22k/crazytrace/src/commit/c5eb9eaf8b12266ecad3c3d1e0cd5388f351cc72/src/main.cpp
#crazytrace #traceroute #Networking #Programming #Security #apparmor #libcap #libcapng #landlock #seccomp
🚀 Oh, the thrilling saga of playing Russian nesting dolls with #containers on Proxmox! 🤯 Watch as our hero battles #AppArmor and cryptic errors, only to discover the ancient scrolls of #GitHub held the mystical solution all along. 🎉 Apparently, the answer was just a version upgrade – who would've thought? 🙄
https://blog.vasi.li/adventures-in-upgrading-proxmox/ #Proxmox #VersionUpgrade #TechSaga #HackerNews #ngated
#AppArmor protects again Unauthorized file access, network connections, privilege escalation, raw socket access, capability abuse. And it is pre-installed and ready always. #UbuConIndia2025
@ubuntu@ubuntu..social @ubind
What happened to all #linux #security folks here in #fediverse? I am hoping someone is using more detailed #apparmor for #docker #container based workloads!!
I have recently released v1.0.0 of go-apparmor at https://gitlab.com/apparmor/go-apparmor
The scope of the library is userspace re-implementation of the #AppArmor profile loading logic from the kernel, as well as running queries against a loaded profile
At the moment file queries can be used. Permissions can be looked up directly. Unpacking old permissions is coming in a patch next week, after I'm done with travel.
I wanted to thank John Johansen for helping with the transition from my own namespace.
All Debian packages should include an AppArmor profile.
#apparmor #debian #ubuntu #linux #computersecurity #linuxsecurity
#Linux question
Does apparmore make sense on a developer machine for a teenager? Or does it make the development experience too frustrating?
Context:
I'm just preparing a Linux laptop for my daughter. Installing the ROBO Pro Coding (programming environment for the fischertechnik TX4 controller) appimage I noticed it didn't work because of a missing #apparmor profile.
The proposed fixes i found were to disable apparmor (but creating a profile shouldn't be too hard either).
My question is now, should o disable apparmor to avoid future questions? Especially as it wasn't trivial to figure out that it was apparmor which stopped the application from working and i expect future problems and frustration.
I switched from #AppArmor to #Firejail on my desktop. For me Firejail's configuration is much less cryptic than AppArmor's :) But I noticed there was no syntax highlighting for Firejail config files in #Emacs, so I created a simple mode using SMIE:
https://github.com/grafov/firejail-mode
Because GNU/Emacs should have a mode for any task, you know! #butterfly
