Fedora Security :: Possible To Create Selinux Profile For Program Like With Apparmor?

Jan 15, 2011

Is it possible to create a selinux profile for a program like with Apparmor?

View 4 Replies


ADVERTISEMENT

OpenSUSE :: Create A Profile In Apparmor For Applications?

Apr 16, 2011

Is recommended to create a profile in apparmor for applications like amule, firefox, thunderbird, amsn ....?

View 7 Replies View Related

Ubuntu Security :: Set Up An Apparmor Profile For Firefox?

Apr 28, 2010

Anyone set up an Apparmor profile for Firefox?

View 9 Replies View Related

Ubuntu Security :: No Firefox Profile In Apparmor?

Nov 15, 2010

I'm trying to understand the Apparmor and would like to get FF profile from Bodhi.zazen [thank you],but I'm kinda new to Linux.Did lots of reading but missing one thing:

1.where is FF profile? I can't see any usr.lib.firefox-3.6.12
2. how do I do copy FF profile from Bodhi.zazen?

View 5 Replies View Related

Ubuntu Security :: Enabling A New Profile In AppArmor?

Jun 18, 2011

When I enable a new AppArmor profile that is not in the kernel, I've used this command:

Code:
apparmor_parser -r /path/to/profile

But when I recently read the manual for AppArmor, it says to use this command for new profiles:

Code:
apparmor_parser -a /path/to/profile

Have I done something wrong by using -r instead of -a?

View 1 Replies View Related

Ubuntu Security :: Cannot Enforce Firefox 4.0 Apparmor Profile

Apr 29, 2011

Since Ubuntu 9.10 I used:

"sudo apt-get install apparmor-profiles

sudo enforce firefox"

However in Lubuntu 11.04 the "sudo enforce firefox" command does no longer work. It looks like the enforce command is no longer recognised.

View 6 Replies View Related

Ubuntu Security :: Apparmor Profile Deleted / Can't Get It Back

Jun 21, 2011

i was trying to edit my firefox apparmor profile. I used aa-genprof, and accidentally closed the terminal before the program was finished. Firefox wouldn't load properly after that whenever it was enforced. I uninstalled and reinstalled the profiles, but it didn't help.Finally I deleted the files for the profile itself ... now it will not reinstall them..I marked all the apparmor packages for complete removal and then reinstalled them but it will not put the original firefox profile back in.

View 2 Replies View Related

Ubuntu Security :: Why Isn't Apparmor Firefox Profile Enabled By Default

Apr 25, 2010

This page [URL] shows how to enable apparmor firefox profile. Why isnt apparmor firefox profile enabled by default? I would postulate that this would be because there must be some limitation by having the profile enabled. If so, what would the limitation be?

View 9 Replies View Related

Ubuntu Security :: Generic AppArmor Profile For Untrusted Application

Sep 3, 2010

I've read and re-read everything I can find about AppArmor, to no avail. On the whole, AppArmor isn't for me. However, rather than give up on it completely, I have an idea: create a profile that I could use as a template for any untrusted application, with the aim of 1) blocking it from network access and 2) blocking it from installing other applications. I've got as far as creating an empty profile:

Code:
# Generic AppArmor Profile for UntrustedApplication
#include <tunables/global>
/usr/sbin/UntrustedApplication {
#include <abstractions/base> }
What do I need to add to make this profile 100% permissive, except for the two exceptions stated above?

View 9 Replies View Related

Ubuntu Security :: Firefox Profile In Apparmor Skipped On Startup

Aug 9, 2011

I have quiet splash disabled so I can see what boot processes are run on startup, and I notice that on every time I boot my computer the Firefox profile is skipped. Here's the message: Code: Skipping profile in /etc/ apparmor.d/disable: usr.bin.firefox,I checked /etc/apparmor.d/disable, and see that there is indeed a link to usr.bin.firefox. So I'm wondering how/why it got there. I haven't touched anything in AppArmor since my clean install of Natty.

View 6 Replies View Related

Ubuntu Security :: Use Lucid's Default Firefox AppArmor Profile For Swiftfox?

May 14, 2010

But I couldn't find a modified version of it for Swiftfox anywhere, so I decided to modify it myself. But I'm not 100% sure that I did it correctly, so I thought I'd ask here.

Also, will Swiftfox 3.6.4 be able to use this same profile? I thought it might not because of the new "Out of process plugins" feature being added.

View 3 Replies View Related

Fedora Security :: How To Create A Totally New SELinux User

Jun 4, 2009

Currently working on the targeted policy, I need a help in doing the following things as quick as possible:

1- How to create a totally new SELinux user (not mapping new linux user to SELinux user) I want a new user with no roles or with a maximum of 1 role. I also need how to compile the new user so I can used it for mapping users. At the time, I've tried creating a new file inside /etc/selinux/targeted/contexts/users similar to the other users inside this directory, but it did not actually seem to appear when using the command semanage to list SELinux users : semanage user -l
2- How to create a totally new SELinux role (empty for now) ? and how to make the relation between this new role and domains or types.
3- How to create new domain, actually following some old instructions I created the .fc and .te files, but not the .if file, which is more complicated than the other 2 file.

View 10 Replies View Related

Ubuntu Security :: Migrate - Default "Simple Application" AppArmor Profile

Sep 6, 2010

I'm a Windows user, but now trying to migrate to Ubuntu. I have read AppArmor Docs/FAQs, and very impressed with it's possibilities. But I'm still not sure, can I have a profile which is applied to all applications I run (not listed in other profiles)? That would be great to have a "Simple Application" default profile, with permissions, say, to read/write to app's folder and to display graphics/play sounds!

View 1 Replies View Related

Fedora Security :: Create An SELinux Policy To Automatically Grant Apps Execstack While They Use Glxinfo

Nov 20, 2009

I just upgraded from 11 to 12 and then installed the Nvidia proprietary drivers from RPMFusion. Initially glxinfo wouldn't work because SELinux was stopping it from using an executable stack. Since the Nvidia drivers are proprietary and a fix may not be provided, I allowed this access to glxinfo with chcon -t execmem_exec_t '/usr/bin/glxinfo'

However it looks like every program using glx-utils also needs these permissions - so far I allowed Xorg, compiz and the Firefox video plugin to execstack. Can anyone suggest a fix for this - preferably one that avoids execstack for all those apps since its a security risk. If not how do I create an SELinux policy to automatically grant apps execstack while they use glxinfo or other nVidia libraries but not at other times.

View 2 Replies View Related

Ubuntu Security :: AppArmor Enforce Program Without Logging?

Apr 19, 2011

I have a program that generates large amounts of apparmor log messages. I'm happy to enforce restrictions on the program but I really don't want it to fill my log with messages every time it attempts to read a file.

Is there a way to let it enforce restrictions but not log denials?

View 9 Replies View Related

Debian Configuration :: Apparmor Profile For Iceweasel?

Feb 2, 2014

I'm trying to figure out Apparmor,in doing so I've seen that there are no pre-configured profiles for Iceweasel,but there are two for Firefox in /usr/share/doc/apparmor-profiles/extras/ : Will it work if I simply replace "iceweasel" for "firefox" and set those profiles to complain mode,just to see what will eventually happen? Is that too obvious?

View 9 Replies View Related

General :: Login MUCH Slower - Some Reference To AppArmor Profile - Screen Corruption ?

Jul 5, 2010

I am new to linux but will try and be as precise as I can. I have a Dell Insp. 1545 with 3GB ram with 10.04_64

Problem: Rather out of the blue upon login, from the time of entering password to the desktop, is MUCH slower. I have no splash enabled and there is some reference to AppArmour profiles (it sits there at this apparmour reference , then sits trying to load desktop). However, I have never configured apparmor. Finally, on last login, there was some sort of screen corruption prior to getting to desktop.

Prior to all this i noticed that firefox "blinked" when I was using it, and then said that it needed to shutdown/restart for updates. I did notice at that time two of my previous tabs sortof acted oddly (moved around then disappeared).

I have no SSH/Server software etc activated.

I did change visudo so that sudo timeout shorter than it was. However that is the only modification to the system recently.

View 1 Replies View Related

Fedora Security :: Wierd SeLinux Security Alerts \ Got:Code:Summary: System May Be Seriously Compromised?

Apr 13, 2011

this is the allert i got:Code:Summary:Your system may be seriously compromised! /usr/sbin/NetworkManager tried to loada kernel module.Detailed Description:SELinux has prevented NetworkManager from loading a kernel module. All confinedprograms that need to load kernel modules should have already had policy writtenfor them. If a compromised application tries to modify the kernel this AVC willbe generated. This is a serious issue.Your system may very well be compromised.Allowing Access:Contact your security administrator and report this issue.Additional Information:

Source Context system_u:system_r:NetworkManager_t:s0
Target Context system_u:system_r:NetworkManager_t:s0
Target Objects None [ capability ]

[code]....

View 5 Replies View Related

Fedora :: SELinux Turn Off For Specific Program?

Jul 19, 2010

One thing I have had to do to launch Maya every time is disable SELinux.

echo 0 >/selinux/enforce

I type that each time before I launch maya. If I don't it wont start.

Not sure why. Essentially it makes it so I need to be su to run maya.

If I was setting up the workstation to be used by others as well how would I disable SELinux just for starting Maya but nothing else? Or how to do I tell SELinux maya is ok for regular users to run?

View 1 Replies View Related

Fedora :: Program Of SELinux Doesn't Appear Any Window?

Jun 12, 2011

When I try to run a program of SELinux doesn't appear any window. What can I do?

View 11 Replies View Related

Fedora Networking :: Unable To Create VPN Profile - F13 & KDE / Fix It?

Jul 23, 2010

I have a fresh install of Fedora 13 64 bit. I am unable to create VPN profiles in network manager as a normal user.

To test: Logging in with gnome as root, I am able to create a VPN profile in Network Manager Logging in with KDE as root, I am not able to create a VPN profile in Network Connections.

Problem: Logging in as a normal user with KDE, I am not able to create a VPN profile in Network Connections. On the VPN tab, the Add... button is greyed out.

What is required to add VPN connections under KDE on Fedora 13?

View 1 Replies View Related

Fedora :: Can't Create / Install SELinux Modules

Jun 5, 2010

Trying to run Googleearth I got a SELinux denial as I would expect. So I did what I always do, and generated a policy using audit2allow. I have used this method to manage SELinux on various CentOS and Fedora installations before, I don't recognise this problem.I tried the GUI "SELinux Policy Generation Tool" but it closes itself a second after opening so I can't even explore this.

View 9 Replies View Related

Fedora Security :: SELinux Context For Cgi-bin?

Oct 20, 2010

I'm attempting to get MapServer running on my Fedora 13 computer. I was able to install with the package manager, and the executable (mapserv) was originally placed in /usr/sbin. But I need it in /var/www/cgi-bin to work on the webserver. So I copied the file to the right location. Unfortunately, it doesn't have the correct SELinux context. Here's the message from the troubleshooter:

SELinux denied access requested by /var/www/cgi-bin/mapserv. /var/www/cgi-bin/mapserv is mislabeled. /var/www/cgi-bin/mapserv default type is httpd_sys_script_exec_t, but its current type is httpd_sys_script_exec_t. Changing this file back to the default type, may fix your problem.

How's that for circular logic? Does anyone have an idea what the correct SELinux context for a cgi-bin executable might be?

View 3 Replies View Related

Fedora Security :: Selinux Not Enabled?

Nov 10, 2010

Trying to keep selinux enabled. When I start SeLinux Troubleshooter from the menu, which is inautostart as well, It tells me SELinux not enabled, sealert will not run on nonSELinus systems".How do I get SELinux permanently started then

View 10 Replies View Related

Fedora Security :: How To Enable The SELinux

Jan 17, 2011

My newly installed Fedora-14 (64-bit) has SELinux disabled. I can't find any way to enable it. I tried to set it manually in /etc/selinux/config to enforcing or permissive but nothing happens after reboot. In GUI configuration tool it is set to disabled and grayed out so that there is no way to enable it there. Is there another way to enable SELinux?

View 11 Replies View Related

Fedora Security :: SELinux Not Enforcing?

Apr 30, 2011

I tried to log in to my xguest account and it asked for a password, which it shouldn't, so there's a problem with SELinux.When I type getenforce it says it is disabled, yet when I go to /etc/selinux and look at the config, it is in enforcing mode and not commented out, type is strict.When I go to the SELinux management GUI I can't change the current enforcing mode and it's set to disabled and default to enforcing.

View 2 Replies View Related

Fedora :: SELinux Is Preventing Firefox From Making The Program Stack Executable?

Nov 2, 2010

- Newly installed Fedora 14- Firefox 3.6.12- All latest Fedora updates installed- Denial occured after the installation of jre1.6.0_22 from here - Linux (self-extracting file) and creating symbolic links as follows;

Code:
[root@Freedom opt]# ln -s /opt/jre1.6.0_22/lib/i386/libnpjp2.so /usr/lib/mozilla/plugins/
Code:

[code]....

View 3 Replies View Related

Ubuntu Security :: Recommend AppArmor And Other Security Measures?

Aug 31, 2010

Or do you just use Ubuntu feeling safe enough without them? If you do use AppArmor and other security measures, what do you use them for? Obviously Firefox and Chrome would be two things. But what else?

View 9 Replies View Related

Fedora Security :: Prevent Firefox With SELinux?

May 11, 2009

I am new to Fedora 10, and to SELinux too.

I would like to know how can I prevent from users with role user_r to connect to Internet with firefox.

View 2 Replies View Related

Fedora Security :: SELinux Is Blocking Ipod?

Jul 8, 2009

I am running Fedora 11 and every time i plug in my iPod it tells me... SELinux is preventing mkdir (podsleuth_t) "read" security_t ... I have no idea on how to create a policy module to allow access.

View 2 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved