Feature changed by: Paul Parker (paulparker) Feature #312927, revision 11 Title: Use AppArmor or SELinux for every (suse) package openSUSE Distribution: Unconfirmed Priority Requester: Neutral Requested by: ich mich (yetanothernoob) Partner organization: openSUSE.org Description: It would be nice to add apparmor or selinux profiles to every rpm package and , of course, use them! It would let suse become one of the most secure linux systems out there. And the best: the user just installs a package and hasen't to care about anything ;) But it would also need a secure (GUI) "Permission Asker", like windows and of course an easy to use frontend for editing profiles (just easier than the current yast one) Sorry for my bad english, hope anyone got what i mean :D Use Case: if you take eg firefox: it's allowed to read and modify EVERYTHING in your home directory and it also can read all system files...but in fact it just needs to have write access to your ~/Downloads directory...if someone hacks firefox its really useless, because he could just copy a file to downloads (if you don't allow firefox to delete files he may gets very frustrated xD) if you apply this "app armor" for every binary on your system it's nearly impossible hacking it (again, sorry for my bad english) Business case (Partner benefit): openSUSE.org: Because suse should be REALLY secure without getting in the users way Discussion: #1: ich mich (yetanothernoob) (2011-11-01 16:08:52) ... #2: Roger Luedecke (shadowolf7) (2011-11-08 03:33:51) Not feasible. Especially for Web Browsers. #3: ich mich (yetanothernoob) (2011-11-08 19:55:28) (reply to #2) why? + #4: Paul Parker (paulparker) (2013-03-02 01:33:15) + Warning: am NON-Technical user ;-) Installation of new version of + openSUSE needs start at basic security level. Earlier openSUSE came + with apparmour installed and preconfigured, now each user needs act to + install and configure. Selinux also needs users install and set up. + Businesses with specialist technical staff to do these things, leaves + out the many other users. Other uses, particularly we NON-Technical + types. depend on both Documentation and Forums, to improve our basic + security. + Should "Security" be a specific branch in user forums ? + Security needs be central to everything done on the computer, else + users making passive decision their content available for everyone else + to read. -- openSUSE Feature: https://features.opensuse.org/312927