AppArmor Adds IO_uring Mediation & Some Performance Optimizations

  • AppArmor Adds IO_uring Mediation & Some Performance Optimizations

    Phoronix: AppArmor Adds IO_uring Mediation & Some Performance Optimizations

    The AppArmor Linux security system has picked up a few improvements and new features with the in-development Linux 6.7 kernel...

  • #2
    Who uses AppArmor other than Canonical? Even NSALinux is used by Android.


    • #3
      Originally posted by timofonic
      Who uses AppArmor other than Canonical?

      Me, for example. Although basically only to "sandbox" Firefox while keeping the Plasma integration working - haven't found any other better sandboxing solution that can keep that integration intact.


      • #4
        Originally posted by timofonic
        Who uses AppArmor other than Canonical? Even NSALinux is used by Android.
        For instance Manjaro. Completely transparent with no user complaints; question is, is it actually doing something?


        • #5
          For instance Manjaro. Completely transparent with no user complaints; question is, is it actually doing something?
          I've had exactly this thought, running a Manjaro system with, well, no complaints! I have not looked into AppArmor enough to know what might provoke it into action or what that action would be.


          • #6
            Originally posted by varikonniemi
            For instance Manjaro. Completely transparent with no user complaints; question is, is it actually doing something?
            Admittedly the last time I looked into this was a decade ago, but at the time the answer was no unless you went and started messing with the configs yourself because actually setting up MAC and having a usable system is a pain in the ass, so the only distro with both active and enabled MAC was Fedora/RHEL and even then it took them a long time to switch SELinux to enforcing mode.


            • #7
              Originally posted by timofonic
              Who uses AppArmor other than Canonical? Even NSALinux is used by Android.
              I use it, it is a quite convenient way to sandbox individual programs and daemons that I consider high risk or high impact (uses network and/or has a lot of privileges). I'm not interested in learning SELinux for that purpose. Nor am I interested in having MAC for the entire system.

              AppArmor is very easy, with helper tools such as aa-logprof to help create correct profiles.

              And I run Arch, not Ubuntu. Works fine except that the dbus mediation is missing. Would have to rebuild the dbus daemon for that support, but since I run dbus-broker anyway I won't have AppArmor support.


              • #8
                Originally posted by timofonic
                Who uses AppArmor other than Canonical? Even NSALinux is used by Android.
                Debian and openSUSE for example. In fact, nobody except for IBM's GNU/Linux distros uses SELinux.
