AppArmor - Error Messages log files - Mensagens de Erro arquivos de log

Another Linux user with the same problem in AppArmor. Access the link.

https://forum.eset.com/topic/17266-apparmorselinux-support/

I don't know if Ubuntu can really help with this problem , it's not their problem , it's ESET's

Hello Rami

Can not both parties be able to let go of the ego and work together on this very important issue that is security for all Linux users?

I think so, there is only goodwill!

Let's wait and see if they have this.

Strong embrace Rami

Edson Santos

*****************************

Olá Remi

Será que ambas as partes não podem abrir mão do ego e trabalharem juntas nesta questão tão importante que é a segurança para todos os usuários Linux?

Creio que sim, basta haver boa vontade!

Vamos aguardar e ver se possuem isso.

Forte abraço Rami

Edson Santos

Hey Edson,

ESET doesn't seem to have Linux on their priority because their Linux userbase seems to be small and not that big comparing to Windows / Mac,

When ESET v4 was released , AppArmor wasn't available back in the time it wasn't developed yet.
I'm not that experienced with AppArmor , but I think if one can properly configure AppArmor to work with ESET , it will work as far as I can imagine.

But the problem is from ESET's side , so they have made a program that doesn't work with SELinux , and not compatible with AppArmor.

I've been on this problem for a while now , and it seems that ESET is so quiet about any replies, So I wonder if Ubuntu team will take a look at this problem, I would be very glad if someone fixes it , even if it was a workaround but atleast a fix.

Thanks.

On Wed, Nov 14, 2018 at 09:03:13AM -0000, Rami Hakim wrote:
> When ESET v4 was released , AppArmor wasn't available back in the time
> it wasn't developed yet.

While ESET the company predates AppArmor, AppArmor predates this specific
version of ESET NOD32 :)

https://web.archive.org/web/20000818164529/http://www.immunix.org:80/documentation.html#codomain

(Back in the 90s AppArmor was known as "CoDomain" and "SubDomain"
and started life as the "mighty morphin[g?] file system".)

> I'm not that experienced with AppArmor , but I think if one can properly
> configure AppArmor to work with ESET , it will work as far as I can
> imagine.

Probably yes, at least if ESET's code injections are relatively
straightforward and don't do anything too surprising. Policies will need
to be adapted to adjust for the injected code, but that's just the way it
is. Used resources must be enumerated.

> But the problem is from ESET's side , so they have made a program that
> doesn't work with SELinux , and not compatible with AppArmor.

I suspect the story on SELinux is similar -- they "just" need to modify
policy to recognize that all domains can communicate all types to the ESET
scanner. It would probably also require modifying policy to allow the code
injection to work in all domains.

> I've been on this problem for a while now , and it seems that ESET is so
> quiet about any replies, So I wonder if Ubuntu team will take a look at
> this problem, I would be very glad if someone fixes it , even if it was
> a workaround but atleast a fix.

We're happy to address specific DENIED messages (though the apparmor mail
list would probably be the better venue) but are unlikely to prioritise
actually installing and configuring ESET ourselves.

https://lists.ubuntu.com/mailman/listinfo/apparmor

We're also unlikely to modify our default policies. The tradeoff between
MAC policy and AV is best made by individual sysadmins.

Thanks

Thank you for the explanation I guess it's up to the user to fix that issues with AppArmor , or to wait for ESET to release an update that will make their AV work with AppArmor

Thanks again.