SELinux vs Apparmor for home use - Steam - AMD
 

Would it be practical to have either SELinux or AppArmor for a home computer? The only two things I'm worried about are the proprietary AMD drivers and Steam. I literaly know NOTHING about SELinux or AppArmor so I'm relying on the more experienced users here.

All I need is to make sure they (Steam and the AMD Drivers) are contained within themselves and that my system will be a little more secure if an attack is posed against them.

Regards,
Amarildo

It's not good security wise to use a proprietary binaries. Even then or if you trust them then Apparmr would be more easy than Selinux to setup. Read them about in Linux kernel sources documentation or online in browseable kernel sources.

Things like SEL and AppArmor are probably overkill for the home user. If you connect to the internet via a router, its firewall should be enough. If you use a modem, make sure you have your own firewall on the computer. If you are using a Debian-based distro like Mint, you need to enable it by installing and running gufw.

If you want one, then it depends on your distro. SEL is enabled by default in Fedora and CentOS, but I've heard that it can be a pain to set up in Debian-based distros. AppArmor comes with OpenSUSE and (partially, I believe) with Ubuntu and Mint.

it REALLY!!!! depends on your Operating system

on redhat it would be rather difficult to use apparmor

redhat USES SELinux

and on it would also be rather difficult to use SElinux
seeing as it defaults to apparmor


on OpenSUSE you can choose

BUT you have to do some things manually for what ever you use

Sure, but there's no alternative. Even if I want to get 75 Hz on my CRT monitor I need the proprietary Firmware for my card.

I'm on Debian, with GUFW, behind a router that masks my computer - all non-solicited packages are redirected to an IP that doesn't exist on my network, and all pings are blocked as well.

I couldn't find any info if there's a profile on AppArmor for AMD drivers and Steam o.O

For the proprietary AMD drivers, I would think you are pretty much out of luck, they have direct access to the kernel, so there is not much you can do about that.
For Steam, if you are concerned about that I would just put it into a container, so that all that Steam sees is an OS that is used for nothing but Steam.

Too bad, because I need the proprietary drivers in order to render my Blender models with my GPU, which uses OpenCL for that (in combination with Luxrender).

Even if only rendered my models with the CPU it would be impossible to even move the camera around as the scenery is highly detailed and boggles everything if there's no proprietary code running on the GPU side.

I guess I don't have a choice for now. One of my drives died yesterday (80GB, old) and so I can't use it for a pure GNU system.

I wouldn't worry: use your AMD driver and be happy. That's what everyone does, except for a handful of Free Software Fanatics, and I haven't yet heard of anyone being hacked by a video driver!

Not to mention that even if you use the free driver instead it still needs a whole load of proprietary firmware to actually work.

Actually, it does. That bugs the crap out of me: how come Linux is licensed under the GPL but has non-free code in it?

But that doesn't matter because I decided to become a programmer and drop my 3D modeling skills. I'm still deciding between pure Debian, or Parabola. Parabola is great, I've been an Arch user for several years and so I feel "at home" while using it. However, it's IceWeasel makes my monitor to flicker if I watch a Youtube video. I'll try different browsers today to see if that still happens.

never had any SE issues with the nvidia driver and have NEVER heard of any with the AMD driver

NO issues with both the open and closed versions

and never had ANY SE issues with Blender , NEVER


I have also never heard of a ATI/AMD or Nvidia issue , nor a Blender issue with apparmor

It hasn't. The firmware is not part of the kernel. By the way, not everything in the kernel is GPL licensed, the free AMD drivers for example use some kind of MIT license (IIRC, the same license that Xorg uses).