Included as part of lecture: 21d-PracticalPersonal.html
Skype uploaded shadow files, MS got its hand caught in the cookie jar by
AppArmor, and recently did it again:
https://www.osnews.com/story/137828/new-outlook-sends-passwords-mails-and-other-data-to-microsoft/
https://mailbox.org/en/post/warning-new-outlook-sends-passwords-mails-and-other-data-to-microsoft
https://en.wikipedia.org/wiki/Linux_Security_Modules
* Linux Security Modules (LSM) is a framework that allows the Linux
kernel to support a variety of computer security models while avoiding
favoritism toward any single security implementation.
* The framework is licensed under the terms of the GNU General Public
License and has been a standard part of the Linux kernel since Linux 2.6.
* AppArmor, SELinux, Smack, TOMOYO Linux, and Yama are the currently
accepted modules in the official kernel.
https://en.wikipedia.org/wiki/AppArmor
* AppArmor supplements the traditional Unix discretionary access control
(DAC) model by providing mandatory access control (MAC).
* Defined by central configuration files, without modifying files or
processes
* Restricts only user-specified processes (defined by path) in their
access to entities (files, network, etc.)
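An added example (not part of the lecture notes): because AppArmor confines a process by its path and logs every access the profile does not permit, an incident like the one mentioned at the top shows up in the kernel audit log. This sketch parses such lines and reports confined programs touching credential files; the log lines, the profile path /usr/bin/exampleapp and the SENSITIVE list are constructed assumptions.

```python
import re

# Constructed sample kernel log (not from the lecture). The profile path
# /usr/bin/exampleapp, pids and timestamps are hypothetical.
HEX_NAME = "/home/user/.ssh/my key".encode().hex().upper()
SAMPLE_LOG = f'''\
audit: type=1400 audit(1700000000.101:41): apparmor="DENIED" operation="open" profile="/usr/bin/exampleapp" name="/etc/shadow" pid=4242 comm="exampleapp" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
audit: type=1400 audit(1700000000.205:42): apparmor="ALLOWED" operation="open" profile="/usr/bin/exampleapp" name="/home/user/.config/exampleapp/settings" pid=4242 comm="exampleapp" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
audit: type=1400 audit(1700000001.007:43): apparmor="DENIED" operation="open" profile="/usr/bin/exampleapp" name={HEX_NAME} pid=4242 comm="exampleapp" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
kernel: usb 1-1: new high-speed USB device number 2 using xhci_hcd
'''

FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
HEX_FIELDS = {"name", "profile", "comm"}  # strings the kernel may hex-encode
SENSITIVE = ("/etc/shadow", "/etc/gshadow", "/.ssh/", "/.gnupg/")  # assumed list

def parse_line(line):
    """Return the key/value fields of an AppArmor audit line, else None."""
    if "apparmor=" not in line:
        return None
    event = {}
    for key, quoted, bare in FIELD.findall(line):
        value = quoted or bare
        # Values with spaces or control bytes are logged unquoted, as hex.
        if bare and key in HEX_FIELDS:
            try:
                value = bytes.fromhex(bare).decode("utf-8", "replace")
            except ValueError:
                pass  # unquoted but not hex: keep as logged
        event[key] = value
    return event

def sensitive_events(log_text):
    """List (verdict, profile, path) for confined access to sensitive paths.
    DENIED = enforce mode (blocked); ALLOWED = complain mode (logged only)."""
    hits = []
    for line in log_text.splitlines():
        event = parse_line(line)
        if not event or event.get("apparmor") not in ("DENIED", "ALLOWED"):
            continue
        path = event.get("name", "")
        if any(marker in path for marker in SENSITIVE):
            hits.append((event["apparmor"], event.get("profile", "?"), path))
    return hits

if __name__ == "__main__":
    for hit in sensitive_events(SAMPLE_LOG):
        print(*hit)
```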
https://en.wikipedia.org/wiki/Security-Enhanced_Linux
* SELinux also supplements the traditional Unix discretionary access
control (DAC) model by providing mandatory access control (MAC).
* Denies all requests by default.
* Defined by labels on files and processes as part of the file system,
rather than merely a central configuration.
* Everything gets labeled (processes, users, files, ports, etc.), and
permissions map these groups to each other.
* Typical policy is distributed by the operating system (e.g., Fedora,
CentOS), but these are designed to be permissive, and tend to be
server-focused.
+++++++++++++++++++++ Cahoot-21d.1