Privilege restriction
Ubuntu provides a set of security features that allow restricting the privileges available to processes. Mandatory Access Control (MAC) is, by default, provided by AppArmor; other MAC solutions, implemented through Linux Security Module (LSM) hooks, are available, but not supported.
AppArmor
Filesystem Capabilities
The need for setuid applications can be reduced by applying filesystem capabilities, stored in the xattrs available on most modern filesystems, so that a binary carries only the specific capabilities it needs rather than full root. This reduces the possible misuse of vulnerable setuid applications. The kernel provides the support, and the user-space tools are in the Ubuntu Main component (libcap2-bin).
Regression tests: test-kernel-security.py.
PR_SET_SECCOMP
Setting SECCOMP for a process is meant to confine it to a small subset of system calls, used for specialized processing-only programs.
See test-kernel-security.py for regression tests.
Seccomp Filtering
Programs can filter out the availability of kernel syscalls by using the seccomp_filter interface, which allows for fine-grained control. This is done in containers or sandboxes that want to further limit the exposure to kernel interfaces when potentially running untrusted software.
See test-kernel-security.py for regression tests.
SELinux
SELinux is an inode-based MAC. Targeted policies are available for Ubuntu in universe. Installing the “selinux” package applies the necessary boot-time adjustments.
Regression tests: test-kernel-security.py.
SMACK
SMACK is a flexible inode-based MAC.
Regression tests: test-kernel-security.py.