StarMirror
/
qTox
mirror of https://github.com/qTox/qTox
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

docs(apparmor): Refactor links 

Move links to the bottom of the document to conform to the qTox
documentation guidelines.
reviewable/pr5577/r2
Vincas Dargis 2019-03-25 19:50:18 +02:00
parent 11a32e3371
commit 52883bbbe3
1 changed files with 8 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
security/apparmor/README.md
View File

@ -1,12 +1,12 @@
# Hardening qTox with AppArmor
qTox can be confined with AppArmor on Linux to reduce attack vectors in case remote code execution exploit is being used. Please note that [MAC's](https://en.wikipedia.org/wiki/Mandatory_access_control) (of course) does not guarantee perfect security, but it will:
qTox can be confined with AppArmor on Linux to reduce attack vectors in case remote code execution exploit is being used. Please note that [MAC's] (of course) does not guarantee perfect security, but it will:
- Deny access to your `~/.bashrc`, `~/.ssh/*` `~/.config/path/to/your/password/manager/file`, etc.
- Deny creating autostart entries (in `~/.config/autostart`, etc).
- Deny launching random executables (like `sudo`, `su`, etc...).
- And more.
Consider using additional security measures like [Firejail](https://firejail.wordpress.com/) to improve security even more.
Consider using additional security measures like [Firejail] to improve security even more.
Please also note that not all distributions has full AppArmor feature set available. For example, Debian (at least up to Debian 10 (buster)) does not have network, DBus mediation available. Also, X Server, shared user configuration files (like `~/.config/QtProject.conf`, caches, etc), opening web links via unconfined browsers introduces additional attack vectors, too. So please be cautious even with number of security measures applied.
@ -119,5 +119,10 @@ Restart AppArmor and [check](#checking-if-qtox-is-actually-confined) if `qTox` p
## Other resources
Check [Debian](https://wiki.debian.org/AppArmor), [Ubuntu](https://wiki.ubuntu.com/AppArmor), [Upstream AppArmor](https://gitlab.com/apparmor/apparmor/wikis/home) Wiki pages for more info.
Check [Debian], [Ubuntu], [Upstream AppArmor] Wiki pages for more info.
[Debian]: https://wiki.debian.org/AppArmor
[Firejail]: https://firejail.wordpress.com
[MAC's]: https://en.wikipedia.org/wiki/Mandatory_access_control
[Ubuntu]: https://wiki.ubuntu.com/AppArmor
[Upstream AppArmor]: https://gitlab.com/apparmor/apparmor/wikis/home