LinuxQuestions.org
Latest LQ Deal: Complete CCNA, CCNP & Red Hat Certification Training Bundle
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 04-22-2015, 08:08 PM   #1
Amarildo
Member
 
Registered: Jun 2014
Posts: 176

Rep: Reputation: Disabled
SELinux vs Apparmor for home use - Steam - AMD


Would it be practical to have either SELinux or AppArmor for a home computer? The only two things I'm worried about are the proprietary AMD drivers and Steam. I literaly know NOTHING about SELinux or AppArmor so I'm relying on the more experienced users here.

All I need is to make sure they (Steam and the AMD Drivers) are contained within themselves and that my system will be a little more secure if an attack is posed against them.

Regards,
Amarildo
 
Old 04-24-2015, 06:30 AM   #2
veerain
Senior Member
 
Registered: Mar 2005
Location: Earth bound to Helios
Distribution: Custom
Posts: 2,524

Rep: Reputation: 319Reputation: 319Reputation: 319Reputation: 319
It's not good security wise to use a proprietary binaries. Even then or if you trust them then Apparmr would be more easy than Selinux to setup. Read them about in Linux kernel sources documentation or online in browseable kernel sources.
 
Old 04-24-2015, 11:03 AM   #3
DavidMcCann
Senior Member
 
Registered: Jul 2006
Location: London
Distribution: CentOS, Salix
Posts: 4,517

Rep: Reputation: 1407Reputation: 1407Reputation: 1407Reputation: 1407Reputation: 1407Reputation: 1407Reputation: 1407Reputation: 1407Reputation: 1407Reputation: 1407
Things like SEL and AppArmor are probably overkill for the home user. If you connect to the internet via a router, its firewall should be enough. If you use a modem, make sure you have your own firewall on the computer. If you are using a Debian-based distro like Mint, you need to enable it by installing and running gufw.

If you want one, then it depends on your distro. SEL is enabled by default in Fedora and CentOS, but I've heard that it can be a pain to set up in Debian-based distros. AppArmor comes with OpenSUSE and (partially, I believe) with Ubuntu and Mint.
 
Old 04-24-2015, 02:11 PM   #4
John VV
LQ Muse
 
Registered: Aug 2005
Location: A2 area Mi.
Posts: 17,107

Rep: Reputation: 2478Reputation: 2478Reputation: 2478Reputation: 2478Reputation: 2478Reputation: 2478Reputation: 2478Reputation: 2478Reputation: 2478Reputation: 2478Reputation: 2478
it REALLY!!!! depends on your Operating system

on redhat it would be rather difficult to use apparmor

redhat USES SELinux

and on it would also be rather difficult to use SElinux
seeing as it defaults to apparmor


on OpenSUSE you can choose

BUT you have to do some things manually for what ever you use
 
Old 04-24-2015, 03:00 PM   #5
Amarildo
Member
 
Registered: Jun 2014
Posts: 176

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by veerain View Post
It's not good security wise to use a proprietary binaries.
Sure, but there's no alternative. Even if I want to get 75 Hz on my CRT monitor I need the proprietary Firmware for my card.

Quote:
Originally Posted by DavidMcCann View Post
Things like SEL and AppArmor are probably overkill for the home user. If you connect to the internet via a router, its firewall should be enough. If you use a modem, make sure you have your own firewall on the computer. If you are using a Debian-based distro like Mint, you need to enable it by installing and running gufw.

If you want one, then it depends on your distro. SEL is enabled by default in Fedora and CentOS, but I've heard that it can be a pain to set up in Debian-based distros. AppArmor comes with OpenSUSE and (partially, I believe) with Ubuntu and Mint.
I'm on Debian, with GUFW, behind a router that masks my computer - all non-solicited packages are redirected to an IP that doesn't exist on my network, and all pings are blocked as well.

Quote:
Originally Posted by John VV View Post
it REALLY!!!! depends on your Operating system

on redhat it would be rather difficult to use apparmor

redhat USES SELinux

and on it would also be rather difficult to use SElinux
seeing as it defaults to apparmor


on OpenSUSE you can choose

BUT you have to do some things manually for what ever you use
I couldn't find any info if there's a profile on AppArmor for AMD drivers and Steam o.O
 
Old 04-24-2015, 03:05 PM   #6
TobiSGD
Moderator
 
Registered: Dec 2009
Location: Germany
Distribution: Whatever fits the task best
Posts: 17,133
Blog Entries: 2

Rep: Reputation: 4839Reputation: 4839Reputation: 4839Reputation: 4839Reputation: 4839Reputation: 4839Reputation: 4839Reputation: 4839Reputation: 4839Reputation: 4839Reputation: 4839
For the proprietary AMD drivers, I would think you are pretty much out of luck, they have direct access to the kernel, so there is not much you can do about that.
For Steam, if you are concerned about that I would just put it into a container, so that all that Steam sees is an OS that is used for nothing but Steam.
 
Old 06-05-2015, 05:03 PM   #7
Amarildo
Member
 
Registered: Jun 2014
Posts: 176

Original Poster
Rep: Reputation: Disabled
Too bad, because I need the proprietary drivers in order to render my Blender models with my GPU, which uses OpenCL for that (in combination with Luxrender).

Even if only rendered my models with the CPU it would be impossible to even move the camera around as the scenery is highly detailed and boggles everything if there's no proprietary code running on the GPU side.

I guess I don't have a choice for now. One of my drives died yesterday (80GB, old) and so I can't use it for a pure GNU system.
 
Old 06-06-2015, 11:49 AM   #8
DavidMcCann
Senior Member
 
Registered: Jul 2006
Location: London
Distribution: CentOS, Salix
Posts: 4,517

Rep: Reputation: 1407Reputation: 1407Reputation: 1407Reputation: 1407Reputation: 1407Reputation: 1407Reputation: 1407Reputation: 1407Reputation: 1407Reputation: 1407
Quote:
Originally Posted by Amarildo View Post
Too bad, because I need the proprietary drivers in order to render my Blender models with my GPU, which uses OpenCL for that (in combination with Luxrender).
I wouldn't worry: use your AMD driver and be happy. That's what everyone does, except for a handful of Free Software Fanatics, and I haven't yet heard of anyone being hacked by a video driver!
 
Old 06-06-2015, 12:12 PM   #9
TobiSGD
Moderator
 
Registered: Dec 2009
Location: Germany
Distribution: Whatever fits the task best
Posts: 17,133
Blog Entries: 2

Rep: Reputation: 4839Reputation: 4839Reputation: 4839Reputation: 4839Reputation: 4839Reputation: 4839Reputation: 4839Reputation: 4839Reputation: 4839Reputation: 4839Reputation: 4839
Quote:
Originally Posted by DavidMcCann View Post
I wouldn't worry: use your AMD driver and be happy. That's what everyone does, except for a handful of Free Software Fanatics, and I haven't yet heard of anyone being hacked by a video driver!
Not to mention that even if you use the free driver instead it still needs a whole load of proprietary firmware to actually work.
 
Old 06-06-2015, 12:28 PM   #10
Amarildo
Member
 
Registered: Jun 2014
Posts: 176

Original Poster
Rep: Reputation: Disabled
Actually, it does. That bugs the crap out of me: how come Linux is licensed under the GPL but has non-free code in it?

But that doesn't matter because I decided to become a programmer and drop my 3D modeling skills. I'm still deciding between pure Debian, or Parabola. Parabola is great, I've been an Arch user for several years and so I feel "at home" while using it. However, it's IceWeasel makes my monitor to flicker if I watch a Youtube video. I'll try different browsers today to see if that still happens.
 
Old 06-06-2015, 01:02 PM   #11
John VV
LQ Muse
 
Registered: Aug 2005
Location: A2 area Mi.
Posts: 17,107

Rep: Reputation: 2478Reputation: 2478Reputation: 2478Reputation: 2478Reputation: 2478Reputation: 2478Reputation: 2478Reputation: 2478Reputation: 2478Reputation: 2478Reputation: 2478
Quote:
Too bad, because I need the proprietary drivers in order to render my Blender
never had any SE issues with the nvidia driver and have NEVER heard of any with the AMD driver

NO issues with both the open and closed versions

and never had ANY SE issues with Blender , NEVER


I have also never heard of a ATI/AMD or Nvidia issue , nor a Blender issue with apparmor
 
Old 06-06-2015, 04:13 PM   #12
TobiSGD
Moderator
 
Registered: Dec 2009
Location: Germany
Distribution: Whatever fits the task best
Posts: 17,133
Blog Entries: 2

Rep: Reputation: 4839Reputation: 4839Reputation: 4839Reputation: 4839Reputation: 4839Reputation: 4839Reputation: 4839Reputation: 4839Reputation: 4839Reputation: 4839Reputation: 4839
Quote:
Originally Posted by Amarildo View Post
Actually, it does. That bugs the crap out of me: how come Linux is licensed under the GPL but has non-free code in it?
It hasn't. The firmware is not part of the kernel. By the way, not everything in the kernel is GPL licensed, the free AMD drivers for example use some kind of MIT license (IIRC, the same license that Xorg uses).
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
key differences between SElinux and Apparmor? ktandel Linux - Newbie 2 05-14-2014 01:19 PM
main differences between SElinux and Apparmor? ktandel Linux - Kernel 1 05-13-2014 01:36 PM
AppArmor and Selinux yamadataro Linux - Newbie 5 11-10-2011 07:18 AM
SELinux vs AppArmor sambesange Linux - Security 4 11-07-2008 09:15 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 02:41 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration