Mailinglist Archive: opensuse-security (88 mails)

< Previous Next >
Re: [suse-security] AppArmor in SUSE 10.0
  • From: Crispin Cowan <crispin@xxxxxxxxxx>
  • Date: Sun, 30 Apr 2006 15:52:04 -1000
  • Message-id: <445569C4.7090801@xxxxxxxxxx>
Malte Gell wrote:
> On Sunday 30 April 2006 21:31, Marcus Meissner wrote:
>
>> I will bring up if we can un-restrict the 10.0 version via YOU.
>>
> That woul be really great, thanks! AppArmor really is a cool thing,
> other operating systems can only dream of something like this ;-)
>
To un-restrict AppArmor 1.2 in SUSE Linux 10.0, place the attached file
darix.pem into /etc/apparmor/certs/ and it'll unlock the whole mess.

What's going on: AppArmor 1.2 in SL10.0 has an evil DRM hack in it so
that it will only generate profiles for pathnames that SUSE has signed
for. This was as open as we could make it at the time that SL10.0 had to
ship last fall, before we had permission to open source AppArmor. My
apologies to everyone in inconvenienced.

The darix.pem key signs for everything, so you can profile any program
you want, which makes SL10.0 function just as if it had unrestricted
AppArmor. This should be less disruptive than trying to use AA from SL10.1.

Crispin
--
Crispin Cowan, Ph.D. http://crispincowan.com/~crispin/
Director of Software Engineering, Novell http://novell.com

-----BEGIN CERTIFICATE-----
MIIDkjCCAnygAwIBAgIBATALBgkqhkiG9w0BAQUwWjELMAkGA1UEBhMCVVMxEzAR
BgNVBAoTCk5vdmVsbCBJbmMxDTALBgNVBAsTBFN1U0UxFjAUBgNVBAgTDU1hc3Nh
Y2h1c2V0dHMxDzANBgNVBAMTBk5vdmVsbDAeFw0wNTA5MDkyMTA1MDRaFw0xMDA5
MDgyMTA1MDRaMFoxCzAJBgNVBAYTAlVTMRMwEQYDVQQKEwpOb3ZlbGwgSW5jMQ0w
CwYDVQQLEwRTdVNFMRYwFAYDVQQIEw1NYXNzYWNodXNldHRzMQ8wDQYDVQQDEwZO
b3ZlbGwwggEfMAsGCSqGSIb3DQEBAQOCAQ4AMIIBCQKCAQCuH1m9hvQi2AppTsYo
CG67l8PSWdVksBIYleijuJmebWZEH7fFiTSd98E5pXpjm0NKvNbwXgmeOIZZD+QO
TkbRD6M4jnmdEqY7oXM2z6IRXByoWj+aLEY57HS7jsVXSHXIkW6nuFwJFJOqlbdQ
07kSslxZfMjKb/o4Z+XIoqVNYHxBZ+Rh9Qso/IDvjV4KLW8jFQZsSKBEpjzYwN4S
hvJ4WQ4jLpb3BUoYm7aoTdNea+D9bFeYRAxYOMA6Yn8ZPLOFx0LsHlkWygxm7VfW
E+bPct3iMHKZ9TmFJe0u8v+qMV5KjGLJndAW+jYiYfKigOK2vK+VWPmiRGyVesxu
X46VAgMBAAGjajBoMBgGDGCGSAGG+DcBg3QBAQEB/wQFBAMvKiowDAYDVR0TAQH/
BAIwADAdBgNVHQ4EFgQU5MH/nLd6Sw8l2SUVDf+jJ7/xH7owHwYDVR0jBBgwFoAU
m6tG7Q/SPkKPrtGatKNXDyZcvrkwCwYJKoZIhvcNAQEFA4IBAQBCCihMA9z20pis
UwclgUqyzeMJg6Bs6+pShNrE5DD3WOJLWs/OuUsrYmfoYZcivYtgPqv80uFjrYYv
9PsMgHjA19BR40LUVEd545ouKIib49ID03iQGof9pMQ+ozBR5bcR5Uy4QDR2vYvo
xde/McV61Fnm/Q16iQsdEZdUhoxMs2tuCdRXCA65S2+4nG+rS94krj/gpcXm2uSg
YhUCfLGaWYwP7v79AeEZrFOQUpf5IpYVTFs0f6baayi9eYAXNj5kccSr6LGn+kQO
lGDlLClze+kQhmiAEfQJBopalniWul2qj2YkdjkSQFBO2b0Ql52OVLsO3N4/9lM/
D8Iw0/l/
-----END CERTIFICATE-----
< Previous Next >
List Navigation