AppArmor bolsters existing Linux access controls by enabling administrators to grant or deny system privileges more granularly than is possible with Linux’s default discretionary access control scheme. Ubuntu 9.10 includes a policy for applying these controls to contain the Firefox web browser. In the beta release I tested, this policy was inactive by default; I activated it by issuing the command “sudo aa-enforce firefox” and then restarting Firefox.
I took a peek at the Firefox AppArmor policy, which is stored as a fairly readable text file, and noted that the policy denied Firefox access to the folder in my home directory that stores SSH keys – a directory that I’m allowed, by default, to view and edit freely. With typical Linux access controls, the applications I run enjoy the same rights that I do, which means that I (or someone who has taken control of my browser) could read and modify sensitive SSH configuration files in that directory from Firefox. With the AppArmor policy for Firefox enabled, however, I couldn’t access or modify the SSH directory in my home folder.
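The deny-over-allow behaviour described above, as an added example (not from the original article, and not the profile Ubuntu ships): a simplified evaluator for AppArmor-style file rules. The rules, the home directory /home/alice and the function names are constructed for illustration, and only the `*`, `**` and `?` globs are handled.

```python
import re

# Constructed rules in AppArmor file-rule syntax; illustrative only, not the
# contents of the Firefox profile shipped with Ubuntu 9.10.
SAMPLE_RULES = """
@{HOME}/** r,
@{HOME}/Downloads/** rw,
deny @{HOME}/.ssh/ rw,      # the directory itself
deny @{HOME}/.ssh/** rw,    # everything beneath it
"""

def glob_to_regex(glob, home):
    """Translate a subset of AppArmor globbing: '**' crosses '/', '*' and '?' do not."""
    glob = glob.replace("@{HOME}", home)  # assumption: a single home directory
    out, i = [], 0
    while i < len(glob):
        if glob.startswith("**", i):
            out.append(".*"); i += 2
        elif glob[i] == "*":
            out.append("[^/]*"); i += 1
        elif glob[i] == "?":
            out.append("[^/]"); i += 1
        else:
            out.append(re.escape(glob[i])); i += 1
    return re.compile("".join(out) + r"\Z")

def parse_rules(text, home):
    """Return a list of (is_deny, compiled_path_regex, permission_set) tuples."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip().rstrip(",")
        if line:
            parts = line.split()
            rules.append((parts[0] == "deny",
                          glob_to_regex(parts[-2], home), set(parts[-1])))
    return rules

def is_allowed(rules, path, perm):
    """A matching deny rule always wins; with no matching allow rule, access is refused."""
    allowed = False
    for deny, rx, perms in rules:
        if perm in perms and rx.match(path):
            if deny:
                return False
            allowed = True
    return allowed

if __name__ == "__main__":
    rules = parse_rules(SAMPLE_RULES, "/home/alice")
    for p in ("/home/alice/.ssh/id_rsa", "/home/alice/Downloads/a.pdf"):
        print(p, "read allowed:", is_allowed(rules, p, "r"))
```

The first rule would let the confined process read anywhere under the home directory, yet the SSH key path is still refused because the deny rule takes precedence, independent of the file's ordinary Unix permissions.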
I’d like to see the Ubuntu project step up its efforts around AppArmor, potentially by extending the project’s Personal Package Archive build service with AppArmor policy generation tools. The other major Linux distribution that ships AppArmor, SUSE, has its own build service, and there may be an opportunity for the two projects to collaborate to bring this functionality to their respective build services.
Last May, Canonical, the company that sponsors Ubuntu, launched a closed beta of a web storage and synchronisation service called Ubuntu One. The service provided 2GB of free online storage space or 10GB of space for $10 a month. The service provided storage synchronisation between computers running Ubuntu and a Canonical-run web service that tapped Amazon’s S3 for storage. Since then, the beta has gone public, the storage cap for paid subscriptions has been raised to 50GB, and the service has expanded beyond file synchronisation to take on data sync duties for specific Ubuntu desktop applications.
For instance, the version of the Tomboy note-taking application that comes with Ubuntu 9.10 includes Ubuntu One among its list of note synchronisation targets, making it possible to use the Canonical service to keep one’s notes in sync on multiple machines – eventually. So far, I haven’t managed to get this feature to work on my test system. Similar sync options have turned up for contact records used with the distribution’s Evolution mail client and for Firefox bookmarks, both of which rely on the document-oriented database project CouchDB for syncing up with Ubuntu One.
The Ubuntu One service, and its associated client-side components, are definitely still rough around the edges – the web-based interfaces for viewing notes and browsing files, in particular, could use an overhaul. However, I’m impressed with the promise of these capabilities to bridge the divide between locally run and web-based applications on the Linux desktop.
Executive Editor Jason Brooks can be reached at jbrooks@eweek.com