Chris Knadle wrote: > On Wednesday 02 January 2008, Joe Apuzzo wrote: >> Chris Knadle wrote: >>> Hey, Joe. >>> >>> On Tuesday 01 January 2008, Joe Apuzzo wrote: >>>> You will not want to miss this talk! I've dug down deep into the Ubuntu >>>> (aka Debian) distro to show all the powerful but not well know commands >>>> Also contrary to my other nickname (GUI-Joe) this talk will be 85% >>>> command line, building to a demonstration on how to rescue a system when >>>> the admin makes fatal mistakes (been down that road many times). >>> Are you going to be discussing Ubuntu's use of AppArmor in relation to >>> this, by chance? >>> >>> -- Chris >> Well when I saw that my talk was about 4+ hours long I pulled the >> section on security since it was a topic unto itself and was not really >> specific to Debian. > > Okay. > Right now Ubuntu has AppArmor, but Debian itself DOES NOT. There is work > going on to bring AppArmor to Debian, but of course it's going to be SOME > TIME before it reaches the Stable distribution... > >> Would you be up to learning about "applied security" and presenting >> that? A talk on how to implement security systems for everyday use like >> AppArmor etc? >> >> Let us know ;-) > > I take it you mean "go away" via "that's the voice of a volunteer". :-P
No it's just that the same people should not always give the talks aka we need fresh faces and new speakers to keep the LUG fresh. > Bruce Locke already gave a talk recently on SELinux in June, plus Mike and > Bruce gave a "Security and Privacy" talk in October where Bruce discussed the > audit daemon and Mike talked about TPM and encryption. So if I gave a talk > on a related subject, it would be specifically about AppArmor, and since my > chosen distribution is Debian and Debian doesn't *have* AppArmor, well... > that kind of defeats the purpose for now. ;-) > > Plus right now I don't have a laptop I can do a presentation WITH. I > considered attempting a CCFL -> LED backlight conversion to try to get > something that works, but I also have better things I can be doing. > And if I *did* have a working laptop, I think a better presentation for me > to focus on was the "building kernels the Debian way" talk idea I posted, > which would be something that would cover some of the requests for talks that > people had. > I'm sure someone ( if not I ) could lend you a laptop to use for the presentation. In which case we could do a tag team, as in you send me the prez and your requirements and I will set that up in advance. > The *reason* I asked about whether you were discussing AppArmor is that > somebody on the Nylug list is having a problem with a USB printer such that > AppArmor in Ubuntu seems to be denying cupsd access to /dev/tty. [I.E. the > current terminal.] So I was curious if your Advanced Ubuntu talk concerning > how to rescue a system was going to cover stuff like that. I didn't even > know Ubutnu even *HAD* AppArmor active until I had asked the asker to look at > the output of 'dmesg', expecting to see USB disconnections, and the OP showed > some of the "audit" messages he was seeing. > Anyway that was my reason for the question. AppArmor seems broken at best in 7.10: from http://www.ubuntu.com/getubuntu/releasenotes/710 Printing with AppArmor Ubuntu 7.10 introduces an additional security layer called AppArmor, whose support for CUPS printing is not yet complete. This will result in printing failures in certain corner cases described below. The workaround in each of these cases is to disable the AppArmor CUPS profile by running sudo aa-complain cupsd. AppArmor support may be re-enabled by running sudo aa-enforce cupsd. * Printing to bluetooth printers does not work with AppArmor enabled. Bug #147800 * Many third-party printer drivers (especially from printer manufacturers) do not work. Bug #152537 It's just too much of a cluge at this point and would distract from the reset of the talk. If anyone is interested then please read: https://help.ubuntu.com/community/AppArmor > -- Chris > > > > ------------------------------------------------------------------------ > > _______________________________________________ > Mid-Hudson Valley Linux Users Group http://mhvlug.org > > http://mhvlug.org/cgi-bin/mailman/listinfo/mhvlug > Upcoming Meetings (6pm - 8pm) MHVLS Auditorium > > Dec 5 - Open Source Show and Tell > Jan 2 - TBD > Feb 6 - DBUS > Mar 5 - Setting up a platform-independent home/small office network using > Linux
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Mid-Hudson Valley Linux Users Group http://mhvlug.org http://mhvlug.org/cgi-bin/mailman/listinfo/mhvlug Upcoming Meetings (6pm - 8pm) MHVLS Auditorium Dec 5 - Open Source Show and Tell Jan 2 - TBD Feb 6 - DBUS Mar 5 - Setting up a platform-independent home/small office network using Linux
