AskUbuntu<p>Why am I getting apparmor="DENIED" for python3 when I update my system with apt update? <a href="https://ubuntu.social/tags/apt" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>apt</span></a> <a href="https://ubuntu.social/tags/python3" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>python3</span></a> <a href="https://ubuntu.social/tags/apparmor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>apparmor</span></a></p><p><a href="https://askubuntu.com/q/1553525/612" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">askubuntu.com/q/1553525/612</span><span class="invisible"></span></a></p>
fosstodon.org is one of the many independent Mastodon servers you can use to participate in the fediverse.
Fosstodon is an invite only Mastodon instance that is open to those who are interested in technology; particularly free & open source software.
If you wish to join, contact us for an invite.
Administered by:
Server stats:
8.8Kactive users
fosstodon.org: About · Status · Profiles directory · Privacy policy
Mastodon: About · Get the app · Keyboard shortcuts · View source code · v4.4.2
#apparmor
2 posts · 2 participants · 1 post today
AskUbuntu<p>Handing non-standard home when packaging a snap <a href="https://ubuntu.social/tags/permissions" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>permissions</span></a> <a href="https://ubuntu.social/tags/snap" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>snap</span></a> <a href="https://ubuntu.social/tags/homedirectory" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>homedirectory</span></a> <a href="https://ubuntu.social/tags/packaging" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>packaging</span></a> <a href="https://ubuntu.social/tags/apparmor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>apparmor</span></a></p><p><a href="https://askubuntu.com/q/1553450/612" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">askubuntu.com/q/1553450/612</span><span class="invisible"></span></a></p>
🚀 Несерьёзный Выдумщик 👨🔬<p>Хорошая и <a href="https://habr.com/ru/articles/541190/" rel="nofollow noopener" target="_blank">годная статья</a> про безопасность <a href="https://shitpost.poridge.club/tags/Android" rel="nofollow noopener" target="_blank">#Android</a><span> устройств с разблокированным загрузчиком.<br>Детально и подробно, с разных сторон разобран процесс загрузки Android-систем нескольких версий, включая </span><a href="https://shitpost.poridge.club/tags/LineageOS" rel="nofollow noopener" target="_blank">#LineageOS</a><span> и виды сборок прошивок.<br>Рассмотрен подход к работе </span><a href="https://shitpost.poridge.club/tags/Magisk" rel="nofollow noopener" target="_blank">#Magisk</a> и варианты получения root'а разными средствами с учётом контекстов <a href="https://shitpost.poridge.club/tags/SELinux" rel="nofollow noopener" target="_blank">#SELinux</a>, а так же работа через <a href="https://shitpost.poridge.club/tags/adb" rel="nofollow noopener" target="_blank">#adb</a><span> (в каких случаях имеет root'привелегии).<br>Статья большая, но полезная с точки зрения «получить представление» без упрощений, а с техническими деталями.<br><br>TL;DR<br>Глупо выключать устройство, когда остаётся без присмотра, а описываемый сценарий не касается уже работающего (загруженного полностью, включённого) девайса. Если же устройство неожиданно оказалось выключенным, то нельзя включать и вводить пин\пароль. Сперва надо проверить содержимое разделов (на тот или иной вариант «нагрузки»). Т.е. включать через </span><code>fastboot</code>, прошивать заново рекавери (<a href="https://shitpost.poridge.club/tags/TWRP" rel="nofollow noopener" target="_blank">#TWRP</a> или <a href="https://shitpost.poridge.club/tags/OrangeFox" rel="nofollow noopener" target="_blank">#OrangeFox</a><span>) и прошерстить\восстановить разделы.<br><br>Очень наглядно видно зачем в ОС нужны такие вещи как mandatory access control (MAC):<br>• </span><a href="https://shitpost.poridge.club/tags/SELinux" rel="nofollow noopener" target="_blank">#SELinux</a><span> (авторство АНБ США),<br>• </span><a href="https://shitpost.poridge.club/tags/AppArmor" rel="nofollow noopener" target="_blank">#AppArmor</a><span> (via Novell & Immunix),<br>• российский аналог в AstraLinux.<br><br>На статью навёл </span><a href="https://social.openhood.ru/@sun_rise" class="u-url mention" rel="nofollow noopener" target="_blank">@sun_rise@social.openhood.ru</a><span> <br><br></span><a href="https://shitpost.poridge.club/tags/AndroidSecurity" rel="nofollow noopener" target="_blank">#AndroidSecurity</a> <a href="https://shitpost.poridge.club/tags/MAC" rel="nofollow noopener" target="_blank">#MAC</a> <a href="https://shitpost.poridge.club/tags/security" rel="nofollow noopener" target="_blank">#security</a> <a href="https://shitpost.poridge.club/tags/privacy" rel="nofollow noopener" target="_blank">#privacy</a><span><br></span><a href="https://mastodon.social/@russian_mastodon" class="u-url mention" rel="nofollow noopener" target="_blank">@russian_mastodon@mastodon.social</a> <a href="https://3zi.ru/@Russia" class="u-url mention" rel="nofollow noopener" target="_blank">@Russia@3zi.ru</a> <a href="https://social.sley.nl/@rur" class="u-url mention" rel="nofollow noopener" target="_blank">@rur@social.sley.nl</a></p>
openSUSE Linux<p>Find out what happened in this <a href="https://fosstodon.org/tags/oSC25" class="mention hashtag" rel="tag">#<span>oSC25</span></a> talk about the switch of <a href="https://fosstodon.org/tags/SELinux" class="mention hashtag" rel="tag">#<span>SELinux</span></a> as the default MAC system in <a href="https://fosstodon.org/tags/openSUSE" class="mention hashtag" rel="tag">#<span>openSUSE</span></a> Tumbleweed, This talk will explore the shift from <a href="https://fosstodon.org/tags/AppArmor" class="mention hashtag" rel="tag">#<span>AppArmor</span></a> and the lessons learned. A must-watch for those following system security! 🐧 <a href="https://fosstodon.org/tags/Linux" class="mention hashtag" rel="tag">#<span>Linux</span></a> <a href="https://fosstodon.org/tags/openSUSE" class="mention hashtag" rel="tag">#<span>openSUSE</span></a> <a href="https://youtu.be/8wBLbhSjDwE?si=1fOBIHkq1KkU5ynV" target="_blank" rel="nofollow noopener" translate="no"><span class="invisible">https://</span><span class="ellipsis">youtu.be/8wBLbhSjDwE?si=1fOBIH</span><span class="invisible">kq1KkU5ynV</span></a></p>
GripNews<p>🌘 繞過 Ubuntu 非特權命名空間限制的旅程<br>➤ Ubuntu 安全強化措施的突破與反思<br>✤ <a href="https://u1f383.github.io/linux/2025/06/26/the-journey-of-bypassing-ubuntus-unprivileged-namespace-restriction.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">u1f383.github.io/linux/2025/06</span><span class="invisible">/26/the-journey-of-bypassing-ubuntus-unprivileged-namespace-restriction.html</span></a><br>這篇文章詳細描述了研究人員如何發現並繞過 Ubuntu 最新導入的非特權命名空間限制。Ubuntu 旨在透過 AppArmor 強化安全性,限制應用程式建立非特權命名空間的能力,以此降低權限提升攻擊的風險。然而,研究人員透過深入分析核心層級的實作,發現了繞過此限制的方法,並分享了研究過程中的經驗和挑戰。儘管最終發現的繞過方法與其他研究人員發現的相似,但其起點源於核心層面的分析,使其具有獨特的價值。<br>+ 真是令人驚訝!Ubuntu 宣稱的安全性竟然有漏洞,這也提醒我們,任何安全措施都不是萬無一失的。<br>+ 這篇文章的詳細分析很有幫助,對於對 Linux 安全感興趣的人來說,是個很好的學習資源。<br><a href="https://mastodon.social/tags/%E5%AE%89%E5%85%A8%E7%A0%94%E7%A9%B6" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>安全研究</span></a> <a href="https://mastodon.social/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Linux</span></a> <a href="https://mastodon.social/tags/AppArmor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AppArmor</span></a> <a href="https://mastodon.social/tags/%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>漏洞利用</span></a></p>
Richard Chamberlain<p>Tried integrating ROS2 on Oracle Linux with SELinux—no go.<br>Switched to AppArmor on Ubuntu—easier, yes. Effective? Not quite.</p><p>colcon and AppArmor don’t play well together. Turns out, AppArmor’s simplicity can limit it in complex dev environments.</p><p>Here’s my story, what didn’t work, and where I’m heading next:<br>🔗 <a href="https://richard-sebos.github.io/sebostechnology/posts/AppArmor-ROS2/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">richard-sebos.github.io/sebost</span><span class="invisible">echnology/posts/AppArmor-ROS2/</span></a></p><p>Boosts appreciated if you think secure ROS2 needs better tooling. 🧵</p><p><a href="https://mastodon.social/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Linux</span></a> <a href="https://mastodon.social/tags/FOSS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FOSS</span></a> <a href="https://mastodon.social/tags/ROS2" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ROS2</span></a> <a href="https://mastodon.social/tags/AppArmor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AppArmor</span></a> <a href="https://mastodon.social/tags/SELinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SELinux</span></a> <a href="https://mastodon.social/tags/DevSecOps" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DevSecOps</span></a> <a href="https://mastodon.social/tags/Security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Security</span></a> <a href="https://mastodon.social/tags/Robotics" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Robotics</span></a></p>
aaron ~# :blinkingcursor:<p>Today was very productive. I've finished driver installation for <a href="https://infosec.exchange/tags/nvidia" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>nvidia</span></a>, <a href="https://infosec.exchange/tags/printers" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>printers</span></a> and <a href="https://infosec.exchange/tags/bluetooth" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bluetooth</span></a>. I've also done a lot more stuff like <a href="https://infosec.exchange/tags/AppArmor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AppArmor</span></a> and also installed void on my main pc using the <a href="https://infosec.exchange/tags/playbook" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>playbook</span></a>. So far a great experience. Got it <a href="https://infosec.exchange/tags/gaming" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>gaming</span></a> ready already. </p><p><a href="https://infosec.exchange/tags/ansible" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ansible</span></a> <a href="https://infosec.exchange/tags/automation" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>automation</span></a> <a href="https://infosec.exchange/tags/linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>linux</span></a> <a href="https://infosec.exchange/tags/unix" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>unix</span></a> <a href="https://infosec.exchange/tags/voidlinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>voidlinux</span></a> <a href="https://infosec.exchange/tags/void" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>void</span></a></p>
DeadSwitch @ T0m's 1T C4fe<p>Small business? $0 budget? No excuse.<br>Secure your entire stack with nothing but code, grit, and open source fire.<br><a href="https://mastodon.social/tags/DeadSwitch" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DeadSwitch</span></a> <a href="https://mastodon.social/tags/FOSS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FOSS</span></a> <a href="https://mastodon.social/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://mastodon.social/tags/pfSense" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pfSense</span></a> <a href="https://mastodon.social/tags/WireGuard" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WireGuard</span></a> <a href="https://mastodon.social/tags/Mailcow" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Mailcow</span></a> <a href="https://mastodon.social/tags/LinuxSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LinuxSecurity</span></a> <a href="https://mastodon.social/tags/VeraCrypt" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>VeraCrypt</span></a> <a href="https://mastodon.social/tags/LibreOffice" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LibreOffice</span></a> <a href="https://mastodon.social/tags/AppArmor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AppArmor</span></a></p><p><a href="http://tomsitcafe.com/2025/05/26/deadswitch-dispatch-secure-the-perimeter-for-0/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">http://</span><span class="ellipsis">tomsitcafe.com/2025/05/26/dead</span><span class="invisible">switch-dispatch-secure-the-perimeter-for-0/</span></a></p>
aaron ~# :blinkingcursor:<p>Just finished some testing on <a href="https://infosec.exchange/tags/VoidLinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>VoidLinux</span></a> and i'm pretty impressed. It feels like using <a href="https://infosec.exchange/tags/ArchLinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ArchLinux</span></a>, still it's different. The documentation is really good and i've successfully tested everything i needed, like <a href="https://infosec.exchange/tags/printerdriver" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>printerdriver</span></a>, <a href="https://infosec.exchange/tags/apparmor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>apparmor</span></a> and <a href="https://infosec.exchange/tags/nvidia" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>nvidia</span></a> drivers. <a href="https://infosec.exchange/tags/XBPS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>XBPS</span></a> is really fast and intuitive. This might really well be my next distro.</p><p><a href="https://infosec.exchange/tags/linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>linux</span></a> <a href="https://infosec.exchange/tags/unix" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>unix</span></a> <a href="https://infosec.exchange/tags/void" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>void</span></a> <a href="https://infosec.exchange/tags/arch" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>arch</span></a></p>
Eduardo Medina 🇪🇸<p><a href="https://mastodon.social/tags/Nobara" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Nobara</span></a> sustituye <a href="https://mastodon.social/tags/SELinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SELinux</span></a> por <a href="https://mastodon.social/tags/AppArmor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AppArmor</span></a>, rebajando así los estándares de seguridad para mejorar la compatibilidad con los juegos, y ahora sustituye <a href="https://mastodon.social/tags/Firefox" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Firefox</span></a> por el invento del criptobro de Brendan Eich.</p><p>Mira que agradezco muchísimo las contribuciones de <a href="https://mastodon.social/tags/GloriousEggroll" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GloriousEggroll</span></a> al <a href="https://mastodon.social/tags/LinuxGaming" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LinuxGaming</span></a>, pero la distribución que desarrolla prefiero tenerla bien lejos. <a href="https://linuxiac.com/fedora-based-nobara-linux-goes-rolling/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">linuxiac.com/fedora-based-noba</span><span class="invisible">ra-linux-goes-rolling/</span></a></p><p><a href="https://mastodon.social/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Linux</span></a></p>
Solus<p>Heya, folks! We have an update on <a href="https://floss.social/tags/Snap" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Snap</span></a> and <a href="https://floss.social/tags/AppArmor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AppArmor</span></a> support in <a href="https://floss.social/tags/Solus" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Solus</span></a>. We are holding off on our planned Snap support removal for now, as there has been recent progress in upstreaming the AppArmor patch set to the <a href="https://floss.social/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Linux</span></a> kernel. We still recommend <a href="https://floss.social/tags/Flatpak" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Flatpak</span></a>, which has integration in GNOME Software and KDE Discover.</p><p>Read more about it on our blog: <a href="https://getsol.us/2025/05/05/snapd-update/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">getsol.us/2025/05/05/snapd-upd</span><span class="invisible">ate/</span></a></p><p>- Evan</p>
TZL<p>Anyone currently have a take on the <a href="https://mstdn.social/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> concerns of <a href="https://mstdn.social/tags/linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>linux</span></a> <a href="https://mstdn.social/tags/kernel" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>kernel</span></a> user <a href="https://mstdn.social/tags/namespaces" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>namespaces</span></a> <a href="https://mstdn.social/tags/usernamespaces" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>usernamespaces</span></a>? I have been rereading into it wondering whether enabling or disabling is the best approach. They seem rather insignificant with considerable surface area for attack, from my understanding. However, more applications check for/need them nowadays.</p><p>I think kernel <a href="https://mstdn.social/tags/hardening" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>hardening</span></a> advice is still to disable. Makes me wonder if should e.g. be considered only if <a href="https://mstdn.social/tags/AppArmor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AppArmor</span></a> / <a href="https://mstdn.social/tags/SELinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SELinux</span></a> is active.</p>
Linux G. Fossman<p><span class="h-card" translate="no"><a href="https://framapiaf.org/@debacle" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>debacle</span></a></span> <span class="h-card" translate="no"><a href="https://mastodon.social/@alatiera" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>alatiera</span></a></span> That's great - I love <a href="https://social.vivaldi.net/tags/Debian" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Debian</span></a> : ) I do wish, however, that <a href="https://social.vivaldi.net/tags/sandboxing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>sandboxing</span></a> native apps on Debian using <a href="https://social.vivaldi.net/tags/AppArmor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AppArmor</span></a> was as <a href="https://social.vivaldi.net/tags/noobeasy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>noobeasy</span></a>* as using <a href="https://social.vivaldi.net/tags/flatpak" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>flatpak</span></a> apps with <a href="https://social.vivaldi.net/tags/Flatseal" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Flatseal</span></a>. </p><p><a href="https://social.vivaldi.net/tags/noobeasy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>noobeasy</span></a> <a href="https://social.vivaldi.net/tags/noobsimple" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>noobsimple</span></a> <a href="https://social.vivaldi.net/tags/newword" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>newword</span></a> <a href="https://social.vivaldi.net/tags/neword" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>neword</span></a> <a href="https://social.vivaldi.net/tags/did_i_just_invent_a_new_word" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>did_i_just_invent_a_new_word</span></a>?</p>
Toasterson<p>Its always <a href="https://chaos.social/tags/AppArmor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AppArmor</span></a> <a href="https://chaos.social/tags/ubuntu" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ubuntu</span></a> plucky sponsored by $workplace</p>
Zygmunt Krynicki<p>Have you ever wondered what's inside <a href="https://fosstodon.org/tags/AppArmor" class="mention hashtag" rel="tag">#<span>AppArmor</span></a> profiles that the kernel interprets?</p>
Zygmunt Krynicki<p>Do you know that a single binary profile can contain two distinct profiles? In this example we can see that a single profile called "name" has a so-called hat profile called "name//hat" that is in the same binary file, ready to be loaded into the Linux kernel.</p><p><a href="https://fosstodon.org/tags/AppArmor" class="mention hashtag" rel="tag">#<span>AppArmor</span></a> <a href="https://fosstodon.org/tags/ImHex" class="mention hashtag" rel="tag">#<span>ImHex</span></a></p>
Zygmunt Krynicki<p>I've added support to see capabilities allowed by a given binary <a href="https://fosstodon.org/tags/AppArmor" class="mention hashtag" rel="tag">#<span>AppArmor</span></a> profile to my apparmor-binary project.</p><p><a href="https://gitlab.com/zygoon/apparmor-binary" target="_blank" rel="nofollow noopener" translate="no"><span class="invisible">https://</span><span class="ellipsis">gitlab.com/zygoon/apparmor-bin</span><span class="invisible">ary</span></a></p><p>The animation shows the <a href="https://fosstodon.org/tags/ImHex" class="mention hashtag" rel="tag">#<span>ImHex</span></a> hex editor.</p>
Gea-Suan Lin<p>把 rsyslog 訊息串到 Slack 與 Pushover 上</p><p>把之前想弄的東西弄出來了,直接在 rsyslog 上設定條件,然後串到 Slack 以及 Pushover 上。 rsyslog 這邊有不少眉眉角角要處理,本來查到 omhttp,想直接透過 omhttp 打到 HTTPS endpoint,但發現 omhttp 沒有也沒打算包進標準套件裡面 (因為不是由官方開發的),但文件上面有... 在 2018 年的「rsyslogd: could not load module 'omhttp' #3302」這邊就有提到這個問題了: Sadly, the omhttp module is currently not part of the def…</p><p><a href="https://blog.gslin.org/archives/2025/03/20/12312/%e6%8a%8a-rsyslog-%e8%a8%8a%e6%81%af%e4%b8%b2%e5%88%b0-slack-%e8%88%87-pushover-%e4%b8%8a/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">blog.gslin.org/archives/2025/0</span><span class="invisible">3/20/12312/%e6%8a%8a-rsyslog-%e8%a8%8a%e6%81%af%e4%b8%b2%e5%88%b0-slack-%e8%88%87-pushover-%e4%b8%8a/</span></a></p><p><a href="https://abpe.org/tags/api" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>api</span></a> <a href="https://abpe.org/tags/apparmor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>apparmor</span></a> <a href="https://abpe.org/tags/curl" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>curl</span></a> <a href="https://abpe.org/tags/omhttp" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>omhttp</span></a> <a href="https://abpe.org/tags/omprog" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>omprog</span></a> <a href="https://abpe.org/tags/pushover" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pushover</span></a> <a href="https://abpe.org/tags/rsyslog" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>rsyslog</span></a> <a href="https://abpe.org/tags/rsyslogd" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>rsyslogd</span></a> <a href="https://abpe.org/tags/script" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>script</span></a> <a href="https://abpe.org/tags/shell" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>shell</span></a> <a href="https://abpe.org/tags/slack" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>slack</span></a> <a href="https://abpe.org/tags/syslog" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>syslog</span></a> <a href="https://abpe.org/tags/webhook" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>webhook</span></a></p>
pafurijaz<p>After I've upgraded from to Ubuntu 24.04 LTS, I encountered the error: "The SUID sandbox helper binary was found, but is not configured correctly"</p><p>I don't know how fix it, that happens every upgrade the <a href="https://mastodon.social/tags/Ubuntu" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Ubuntu</span></a> <a href="https://mastodon.social/tags/AppArmor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AppArmor</span></a> sucks!<br>And some AppImage, they don't works, I have to use the option "--no-sandbox" and there are others problems related to that as usual. <a href="https://mastodon.social/tags/linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>linux</span></a>🫠</p>
varx/tech<p>I've seen <a href="https://infosec.exchange/tags/AppArmor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AppArmor</span></a> used primarily to *harden* the security of an existing program. Is it also reasonable to use it to *sandbox* known-malicious code? Or are other methods required?</p><p>(I assume you also want ulimit or similar on the side, but that's to prevent resource consumption attacks rather than sandbox escapes.)</p><p><a href="https://infosec.exchange/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Linux</span></a> <a href="https://infosec.exchange/tags/sandboxing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>sandboxing</span></a></p>
TrendingLive feeds
Mastodon is the best way to keep up with what's happening.
Follow anyone across the fediverse and see it all in chronological order. No algorithms, ads, or clickbait in sight.
LoginDrag & drop to upload