Difference between revisions of "UbuntuSecurity"

(Removed header)
Line 1: Line 1:
 
Akima's simple guide to LÖVE security sandboxing for Ubuntu users.
 
Akima's simple guide to LÖVE security sandboxing for Ubuntu users.
  
== Overview ==
+
== Overview (^-^) ==
  
 
AppArmor is a piece of security software that is already present on your Ubuntu computer and already configured by default to protect some software services running on your machine.  
 
AppArmor is a piece of security software that is already present on your Ubuntu computer and already configured by default to protect some software services running on your machine.  
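Review bot: the + line "== Overview (^-^) ==" puts an emoticon inside the section heading, and MediaWiki builds each section anchor from the heading text, so existing links to UbuntuSecurity#Overview will stop jumping to the section. The same applies to the Requirements, Instructions, Removing the profile and Advanced headings changed later in this revision. If the decoration is wanted, keep the heading text plain and put the emoticon on the first line of the section body.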
Line 11: Line 11:
 
'''Disclaimer:''' Until otherwise stated, this LÖVE security enhancement is not endorsed or supported by the LÖVE development team.   
 
'''Disclaimer:''' Until otherwise stated, this LÖVE security enhancement is not endorsed or supported by the LÖVE development team.   
  
== Requirements ==
+
== Requirements (-_-)ZZZzzzz ==
  
 
You must be using an officially packaged .deb install of LÖVE.  They can be downloaded on the [http://love2d.org/ LÖVE home page].
 
You must be using an officially packaged .deb install of LÖVE.  They can be downloaded on the [http://love2d.org/ LÖVE home page].
Line 26: Line 26:
 
The apparmor profile ''should'' work on other [http://www.canonical.com/ Canonical] supported versions of Ubuntu Desktop.   
 
The apparmor profile ''should'' work on other [http://www.canonical.com/ Canonical] supported versions of Ubuntu Desktop.   
  
== The Instructions ==
+
== The Instructions \(^-^)/ ==
  
 
'''1) Save the apparmor profile.''' To do that: select and copy the apparmor profile text below, paste it into a text editor and save it to a file called "usr.bin.love" in the root of your home directory: eg: /home/your_user_name/usr.bin.love
 
'''1) Save the apparmor profile.''' To do that: select and copy the apparmor profile text below, paste it into a text editor and save it to a file called "usr.bin.love" in the root of your home directory: eg: /home/your_user_name/usr.bin.love
Line 61: Line 61:
 
</source>
 
</source>
  
== Removing the profile ==
+
== Removing the profile (>_<) ==
  
 
If you ever want to remove the AppArmor security profile you added and go back to how it was before, it is quite simple.  Open a terminal again and one line at a time enter each of these commands into the terminal:
 
If you ever want to remove the AppArmor security profile you added and go back to how it was before, it is quite simple.  Open a terminal again and one line at a time enter each of these commands into the terminal:
Line 71: Line 71:
 
That's it!
 
That's it!
  
== Advanced Geek AppArmor Stuff ==
+
== Advanced Geek AppArmor Stuff (^_~) ==
  
 
This section is for people who want to know more about AppArmor and perhaps customize, extend or otherwise improve their AppArmor profile.
 
This section is for people who want to know more about AppArmor and perhaps customize, extend or otherwise improve their AppArmor profile.
Line 85: Line 85:
  
  
== Contact Akima ==
+
== Bugs (._.) ==
  
 
Found a bug?  Have a problem?  Got a suggested update for this page?
 
Found a bug?  Have a problem?  Got a suggested update for this page?
Then [http://love2d.org/forums/memberlist.php?mode=viewprofile&u=2076 PM Akima!] ^_^
+
Then [http://love2d.org/forums/ post in the forums] or [http://love2d.org/forums/memberlist.php?mode=viewprofile&u=2076 PM Akima!]
  
 
If you confirm the apparmor profile to work on an unlisted copy of the LÖVE engine or Ubuntu then update the "Requirements" section of this page accordingly.
 
If you confirm the apparmor profile to work on an unlisted copy of the LÖVE engine or Ubuntu then update the "Requirements" section of this page accordingly.
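Review bot: the link added on the + line points at the forum index (http://love2d.org/forums/) rather than at one board or thread, so bug reports about this profile have no fixed place to land and are easy to miss. Suggest linking a single thread for the profile and asking reporters to state their LÖVE and Ubuntu versions, since the closing sentence relies on readers confirming exactly those for the "Requirements" section.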

Revision as of 19:03, 28 March 2011

Akima's simple guide to LÖVE security sandboxing for Ubuntu users.

Overview (^-^)

AppArmor is a piece of security software that is already present on your Ubuntu computer and already configured by default to protect some software services running on your machine.

This page provides straightforward instructions that explain how to secure the LÖVE engine using an AppArmor profile. Once the LÖVE engine is secured, .love games will have very restricted access to your computer, so they can only use the parts of your computer that are necessary. The games will not be able to access your private files and will not be able to start any other executables on your system.

One drawback is that some .love games may try to do things which the AppArmor profile does not permit. The game will be stopped from doing whatever that might be, and how the game behaves after that is mysterious and unknown! Nothing bad can happen to your computer from doing this, though. The idea is to make your computer and private files safer, after all.

Disclaimer: Until otherwise stated, this LÖVE security enhancement is not endorsed or supported by the LÖVE development team.

Requirements (-_-)ZZZzzzz

You must be using an officially packaged .deb install of LÖVE. They can be downloaded from the LÖVE home page.

The following setups have been tested and are confirmed working:

LÖVE versions:

  • 0.6.2
  • 0.7.1

Ubuntu versions:

  • Ubuntu Desktop 10.04 (64bit).

The AppArmor profile should work on other Canonical-supported versions of Ubuntu Desktop.

The Instructions \(^-^)/

1) Save the AppArmor profile. To do that, select and copy the AppArmor profile text below, paste it into a text editor and save it to a file called "usr.bin.love" in the root of your home directory, e.g. /home/your_user_name/usr.bin.love

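# Last Modified: Mon Jul  5 13:37:49 2010
#include <tunables/global>

/usr/bin/love {
  # Stock rule sets shipped with AppArmor: X11 display, sound, basic libraries
  #include <abstractions/X>
  #include <abstractions/audio>
  #include <abstractions/base>

  # OpenAL configuration and the engine binary itself, read-only
  /etc/openal/alsoft.conf r,
  /usr/bin/love r,
  owner /proc/*/cmdline r,
  /var/lib/dbus/machine-id r,
  # X authority file that GDM creates for the logged-in user
  owner /var/run/gdm/auth*/database r,
  # Games: any file ending in .love may be read, wherever it is stored
  /**.love r,
  # Read/write access to ~/.love and everything below it
  @{HOME}/.love/ rw,
  @{HOME}/.love/** rw,

}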

2) Open a terminal. You should be able to find GNOME Terminal under: Applications -> Accessories -> Terminal

3) Activate the profile. Enter each of these commands into the terminal, one line at a time:

sudo mv ~/usr.bin.love /etc/apparmor.d
sudo chown root:root /etc/apparmor.d/usr.bin.love
sudo apparmor_parser --add /etc/apparmor.d/usr.bin.love
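
To confirm that step 3 took effect, the following added example (not part of the original guide) reads the kernel's list of loaded profiles, where each line has the form "name (mode)", and reports the mode of /usr/bin/love. The function names and the sample listing are constructed for illustration; the real list lives at /sys/kernel/security/apparmor/profiles and needs root to read.

```shell
#!/bin/sh
# Added example: report the mode of one AppArmor profile from the kernel's
# list of loaded profiles. Function names here are illustrative.

PROFILE_LIST=/sys/kernel/security/apparmor/profiles   # readable by root only

# Constructed sample of that list, as it might look after step 3.
sample_profile_list() {
    cat <<'EOF'
/sbin/dhclient3 (enforce)
/usr/bin/love (enforce)
/usr/sbin/tcpdump (complain)
EOF
}

# profile_mode NAME [LIST_FILE] -> prints enforce, complain or unloaded
profile_mode() {
    awk -v want="$1" '
        {
            mode = $NF                        # last field, e.g. "(enforce)"
            name = $0
            sub(/ \([a-z]+\)$/, "", name)     # strip the trailing " (mode)"
            if (name == want) { gsub(/[()]/, "", mode); found = mode }
        }
        END { print (found == "" ? "unloaded" : found) }
    ' "${2:-$PROFILE_LIST}"
}

# is_enforced NAME [LIST_FILE] -> exit status 0 only when NAME is enforced.
# A profile in complain mode only logs, so it does not count as protection.
is_enforced() {
    [ "$(profile_mode "$1" "$2")" = "enforce" ]
}

# Demonstration against the constructed sample.
tmp=$(mktemp)
sample_profile_list > "$tmp"
echo "love profile: $(profile_mode /usr/bin/love "$tmp")"
rm -f "$tmp"
```

On a real machine, run it with sudo and without the second argument, for example: is_enforced /usr/bin/love && echo confined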

Removing the profile (>_<)

If you ever want to remove the AppArmor security profile you added and go back to how it was before, it is quite simple. Open a terminal again and enter each of these commands into the terminal, one line at a time:

sudo apparmor_parser --remove /etc/apparmor.d/usr.bin.love
sudo rm /etc/apparmor.d/usr.bin.love

That's it!

Advanced Geek AppArmor Stuff (^_~)

This section is for people who want to know more about AppArmor and perhaps customize, extend or otherwise improve their AppArmor profile.

An AppArmor profile simply contains a series of instructions telling AppArmor what a piece of software can and cannot do. If you want to understand the rules inside a profile better, read the apparmor.d man page.

The AppArmor profile we are using is very restrictive. It should allow most .love games to work, but some games may require more access than the profile permits. If you want to receive desktop notifications when AppArmor has restricted a game from doing something, install the apparmor-notify package.

sudo apt-get install apparmor-notify
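
When deciding whether the profile needs extending for a particular game, it helps to see exactly what was refused. The following added example (not part of the original guide) pulls the denials for the /usr/bin/love profile out of the kernel log and lists each distinct path with the access that was denied. The log lines are constructed, the default log path /var/log/kern.log is an assumption for systems without auditd, and paths are assumed to contain no spaces.

```shell
#!/bin/sh
# Added example: list what AppArmor refused to the /usr/bin/love profile.
# Function names and the sample lines are constructed for illustration.

sample_log() {
    cat <<'EOF'
Mar 28 19:10:01 box kernel: [  100.1] type=1400 audit(1301339401.100:21): apparmor="DENIED" operation="open" profile="/usr/bin/love" name="/home/user/Documents/notes.txt" pid=4242 comm="love" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
Mar 28 19:10:02 box kernel: [  101.2] type=1400 audit(1301339402.200:22): apparmor="DENIED" operation="exec" profile="/usr/bin/love" name="/bin/dash" pid=4242 comm="love" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0
Mar 28 19:10:03 box kernel: [  102.3] type=1400 audit(1301339403.300:23): apparmor="DENIED" operation="open" profile="/usr/bin/love" name="/home/user/Documents/notes.txt" pid=4242 comm="love" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
Mar 28 19:10:04 box kernel: [  103.4] type=1400 audit(1301339404.400:24): apparmor="DENIED" operation="open" profile="/usr/sbin/cupsd" name="/etc/shadow" pid=900 comm="cupsd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Mar 28 19:10:05 box kernel: [  104.5] type=1400 audit(1301339405.500:25): apparmor="ALLOWED" operation="open" profile="/usr/bin/love" name="/tmp/x" pid=4242 comm="love" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
EOF
}

# love_denials [LOG_FILE] -> one "denied_mask path" line per distinct denial
love_denials() {
    grep 'apparmor="DENIED"' "${1:-/var/log/kern.log}" |
    grep 'profile="/usr/bin/love"' |
    awk '{
        name = ""; mask = ""
        for (i = 1; i <= NF; i++) {          # fields are key="value" pairs
            if ($i ~ /^name=/)        { name = $i; sub(/^name=/, "", name) }
            if ($i ~ /^denied_mask=/) { mask = $i; sub(/^denied_mask=/, "", mask) }
        }
        gsub(/"/, "", name); gsub(/"/, "", mask)
        if (name != "") print mask, name
    }' | sort -u                             # repeated denials collapse to one
}

# Demonstration against the constructed sample.
log=$(mktemp)
sample_log > "$log"
love_denials "$log"
rm -f "$log"
```

Review each listed path before adding a rule for it: a denied read of a private file or a denied exec is the profile doing its job, not a bug to fix.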

A good place to learn more is the Ubuntu AppArmor wiki page.


Bugs (._.)

Found a bug? Have a problem? Got a suggested update for this page? Then post in the forums or PM Akima!

If you confirm that the AppArmor profile works on an unlisted version of the LÖVE engine or Ubuntu, then update the "Requirements" section of this page accordingly.