Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Wed 26 Nov 2014, 06:11
All times are UTC - 4
 Forum index » Off-Topic Area » Security
How to install AppArmor on Puppy?
Post_new_topic   Reply_to_topic View_previous_topic :: View_next_topic
Page 1 of 1 Posts_count  
Author Message
pubbyhove

Joined: 02 Apr 2011
Posts: 13

PostPosted: Sun 01 May 2011, 15:17    Post_subject:  How to install AppArmor on Puppy?
Sub_title: wanted!
 

could you help me?
Edited_times_total
Back to top
View user's profile Send_private_message 
Flash
Official Dog Handler


Joined: 04 May 2005
Posts: 11164
Location: Arizona USA

PostPosted: Sun 01 May 2011, 15:52    Post_subject:  

Help what? What problem do you think it will solve?
Back to top
View user's profile Send_private_message 
nooby

Joined: 29 Jun 2008
Posts: 10557
Location: SwedenEurope

PostPosted: Sun 01 May 2011, 16:44    Post_subject:  

Flash you can read here Smile
http://selinux.sourceforge.net/about.php3

quote
This site is part of the SELinux for Distributions project. The project is hosted at SourceForge. The project summary page is at http://sf.net/projects/selinux.

The overarching goals of this project are to

* Develop a community around SELinux that can develop the wide range of features needed to fully and easily integrate SELinux into distributions.
* Increase usability of SELinux

Specifically, we plan to

* Document how to use SELinux in distributions
* Organize and package the components of an SELinux-based system for use in a variety of distributions
* Provide additional help in configuring policies to support specific distributions

About SELinux

SELinux was created by the National Security Agency as an example of how mandatory access controls that can confine the actions of any process, including a superuser process, can be added into Linux. The focus of that work has not been on system assurance or other security features such as security auditing, although these elements are also important for a secure system.

The security mechanisms implemented in the system provide flexible support for a wide range of security policies. They make it possible to configure the system to meet a wide range of security requirements. The release includes a general-purpose security policy configuration designed to meet a number of security objectives as an example of how this may be done. The flexibility of the system allows the policy to be modified and extended to customize the security policy as required for any given installation.

Although NSA affiliates participate in some aspects of this project to pursue NSA SELinux research goals, the project and its products are not endorsed or evaluated by NSA. The software available from this project is subject to the same legal disclaimers as the original NSA SELinux prototype. Although NSA affiliates may have participated in this project and undertaken or suggested some project work, this project is not sponsored by NSA and nothing here constitutes a request for proposal or a commitment by the National Security Agency to anyone for the procurement of equipment, services, or any obligation. The National Security Agency reserves the right to not pursue this project or any task in this project, and to discontinue, at any time, participation in the project or work in progress by any of its employees and contractors.

/quote

NSA that sounds scary? Them putting in back doors maybe. Tin hat on.

_________________
I use Google Search on Puppy Forum
not an ideal solution though
Back to top
View user's profile Send_private_message 
pubbyhove

Joined: 02 Apr 2011
Posts: 13

PostPosted: Sun 01 May 2011, 20:38    Post_subject:  

nooby wrote:
Flash you can read here Smile
http://selinux.sourceforge.net/about.php3

quote
This site is part of the SELinux for Distributions project. The project is hosted at SourceForge. The project summary page is at http://sf.net/projects/selinux.

The overarching goals of this project are to

* Develop a community around SELinux that can develop the wide range of features needed to fully and easily integrate SELinux into distributions.
* Increase usability of SELinux

Specifically, we plan to

* Document how to use SELinux in distributions
* Organize and package the components of an SELinux-based system for use in a variety of distributions
* Provide additional help in configuring policies to support specific distributions

About SELinux

SELinux was created by the National Security Agency as an example of how mandatory access controls that can confine the actions of any process, including a superuser process, can be added into Linux. The focus of that work has not been on system assurance or other security features such as security auditing, although these elements are also important for a secure system.

The security mechanisms implemented in the system provide flexible support for a wide range of security policies. They make it possible to configure the system to meet a wide range of security requirements. The release includes a general-purpose security policy configuration designed to meet a number of security objectives as an example of how this may be done. The flexibility of the system allows the policy to be modified and extended to customize the security policy as required for any given installation.

Although NSA affiliates participate in some aspects of this project to pursue NSA SELinux research goals, the project and its products are not endorsed or evaluated by NSA. The software available from this project is subject to the same legal disclaimers as the original NSA SELinux prototype. Although NSA affiliates may have participated in this project and undertaken or suggested some project work, this project is not sponsored by NSA and nothing here constitutes a request for proposal or a commitment by the National Security Agency to anyone for the procurement of equipment, services, or any obligation. The National Security Agency reserves the right to not pursue this project or any task in this project, and to discontinue, at any time, participation in the project or work in progress by any of its employees and contractors.

/quote

NSA that sounds scary? Them putting in back doors maybe. Tin hat on.


thanks a lot for your attention~ I'm really touched.
maybe your are right and I will take it into my considering range~
but I have to say that :
selinux has been successfully support in ubuntu, redhat ,and other linux system.
maybe this time they (NSA) done something good.
Back to top
View user's profile Send_private_message 
Flash
Official Dog Handler


Joined: 04 May 2005
Posts: 11164
Location: Arizona USA

PostPosted: Sun 01 May 2011, 21:25    Post_subject:  

Puppy originated as a live CD, which meant it had no need for the access control apparatus of a multiuser OS. Nevertheless, many people have installed and used it as a multiuser OS. I guess its speed, ease of use and small footprint make it attractive. Anyway, it sounds to me like adding SELinux to Puppy would result in something like the Frankenstein's monster of operating systems. Perhaps the kludge could be made to work, but wouldn't it make more sense to start with a multiuser Linux distro?

Pubbyhove, you didn't answer my question. Is there a specific problem you're trying to solve?
Back to top
View user's profile Send_private_message 
Bernie_by_the_Sea


Joined: 09 Feb 2011
Posts: 329

PostPosted: Sun 01 May 2011, 22:30    Post_subject:  

Quote:
A Linux kernel integrating SELinux enforces mandatory access control policies that confine user programs and system servers to the minimum amount of privilege they require to do their jobs. This reduces or eliminates the ability of these programs and daemons to cause harm when compromised (via buffer overflows or misconfigurations, for example). This confinement mechanism operates independently of the traditional Linux access control mechanisms. It has no concept of a "root" super-user, and does not share the well-known shortcomings of the traditional Linux security mechanisms (such as a dependence on setuid/setgid binaries).http://en.wikipedia.org/wiki/Security-Enhanced_Linux

No concept of a "root" super-user does not sound compatible with the Puppy philosophy.

Also in that article:
Quote:
(SELinux has been integrated into version 2.6 series of the Linux kernel, and separate patches are now unnecessary; the above is a historical quote.)

Is this all 2.6 series? I know it's in some versions of Fedora and Ubuntu but all 2.6 kernels?

A sandbox or virtual machine does everything SELinux can do. Join PPP, Prevent Puppy Paranoia.
Back to top
View user's profile Send_private_message 
pubbyhove

Joined: 02 Apr 2011
Posts: 13

PostPosted: Tue 03 May 2011, 13:00    Post_subject: thanks for your attention  

No concept of a "root" super-user does not sound compatible with the Puppy philosophy.

that just mean the root account won't get all access to the system,
let me see, I can't completely explain it ~
you should learn from the homepage.


Is this all 2.6 series? I know it's in some versions of Fedora and Ubuntu but all 2.6 kernels?

actually selinux has been put in linux kernel as a necessary part since 2.6,
when you complie the kernel you can see it in /security /selinux.

A sandbox or virtual machine does everything SELinux can do. Join PPP, Prevent Puppy Paranoia.[/quote]

yeah I 'm a paranoia.......
if anyone could help me bulid selinux on puppy ,
I would pay him $100 dollars.
will I?
Back to top
View user's profile Send_private_message 
pubbyhove

Joined: 02 Apr 2011
Posts: 13

PostPosted: Tue 03 May 2011, 13:26    Post_subject: thanks
Sub_title: thanks
 

Flash wrote:
Puppy originated as a live CD, which meant it had no need for the access control apparatus of a multiuser OS. Nevertheless, many people have installed and used it as a multiuser OS. I guess its speed, ease of use and small footprint make it attractive. Anyway, it sounds to me like adding SELinux to Puppy would result in something like the Frankenstein's monster of operating systems. Perhaps the kludge could be made to work, but wouldn't it make more sense to start with a multiuser Linux distro?

Pubbyhove, you didn't answer my question. Is there a specific problem you're trying to solve?


actually it not only about multiuser,
i have never think about change puppy to be a multiuser system.

I 'm doing a project for my personal interest,i called it "seveket".
yeah, I 'm not carrying owls to Athens.
Back to top
View user's profile Send_private_message 
Bernie_by_the_Sea


Joined: 09 Feb 2011
Posts: 329

PostPosted: Tue 03 May 2011, 15:51    Post_subject:  

It's not that simple or easy to get SELinux to work in any version of Puppy. A number of Puppy People have tried in the past few years with limited success. Step one is to get Python working flawlessly. Step two is to try to get SELinux to work with your flawless Python. I spent a few hours the last couple of days trying to get SELinux to work in Wary but I don't think I'm even close.

It's really not worth spending much time on since anything SELinux can do can be done in other ways in Puppy, in Linux and even in Windows. You never have said what you're trying to do security-wise. What "security needs" do you have? SELinux's security philosophy is the direct opposite of Puppy's philosophy and I doubt that it's wise to try to combine the two. Why would Puppy want to support SELinux? It makes no sense. SELinux would only cripple Puppy.

AppArmor has the same objective as SELinux and is better developed, maintained and supported. Maybe you should take a look at it.
Back to top
View user's profile Send_private_message 
pubbyhove

Joined: 02 Apr 2011
Posts: 13

PostPosted: Thu 05 May 2011, 09:59    Post_subject: thanks very much  

Bernie_by_the_Sea wrote:


AppArmor has the same objective as SELinux and is better developed, maintained and supported. Maybe you should take a look at it.


thank you very much!maybe i should think twice~
could you tell me something more about AppArmor ?
Is it easy to install that on puppy?
Back to top
View user's profile Send_private_message 
Bernie_by_the_Sea


Joined: 09 Feb 2011
Posts: 329

PostPosted: Fri 06 May 2011, 07:59    Post_subject:  

http://www.novell.com/linux/security/apparmor/overview.html

AppArmor is not easy to install in Puppy. You have never yet said what you're trying to accomplish. Both SELinux and AppArmor are for multiuser systems. They are used mostly by large corporations or the government. They do little or nothing for a home user.
Back to top
View user's profile Send_private_message 
pubbyhove

Joined: 02 Apr 2011
Posts: 13

PostPosted: Fri 06 May 2011, 11:39    Post_subject: millions of thanks  

Bernie_by_the_Sea wrote:
http://www.novell.com/linux/security/apparmor/overview.html

AppArmor is not easy to install in Puppy. You have never yet said what you're trying to accomplish. Both SELinux and AppArmor are for multiuser systems. They are used mostly by large corporations or the government. They do little or nothing for a home user.


thank you very much。

I have said before,
I want to develop puppy as a security for my business.
for example ,
I can carry it when I'm traveling,on a business trip instead of carrying of a
stupid notebook.

I'm not quite sure that puppy could security my data.
I know it will save all the data by MD5,

but i'm worry about that when I 'm doing some important task
like dealing with my work, online shopping,
will puppy give me enough security support?


it's my personal vision,thank you!
Back to top
View user's profile Send_private_message 
pubbyhove

Joined: 02 Apr 2011
Posts: 13

PostPosted: Fri 06 May 2011, 12:09    Post_subject:  

nooby wrote:
Flash you can read here Smile
http://selinux.sourceforge.net/about.php3

quote
This site is part of the SELinux for Distributions project. The project is hosted at SourceForge. The project summary page is at http://sf.net/projects/selinux.


/quote

NSA that sounds scary? Them putting in back doors maybe. Tin hat on.


http://www.murga-linux.com/puppy/viewtopic.php?p=520143#520143

dear nooby,
have you see the article there?
http://www.murga-linux.com/puppy/viewtopic.php?p=520143#520143

I have read it just now,and I believe
if puppy support selinux or AppArmor
will help the issue a lot~

you can see the author'need also call for puppy to have
"
*python
*wxpython
*some other python libs "

which is all need for selinux?
Back to top
View user's profile Send_private_message 
Display_posts:   Sort by:   
Page 1 of 1 Posts_count  
Post_new_topic   Reply_to_topic View_previous_topic :: View_next_topic
 Forum index » Off-Topic Area » Security
Jump to:  

Rules_post_cannot
Rules_reply_cannot
Rules_edit_cannot
Rules_delete_cannot
Rules_vote_cannot
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.0971s ][ Queries: 12 (0.0081s) ][ GZIP on ]