TRANSCRIPT
Ubuntu Application Confinement
Or: How I learned to stop worrying and trust application developers
Ted Gould ([email protected], @tedjgould), SMU, 3 Sept 2014
“I'm more worried about Murphy than I am Machiavelli”
— Michi Henning
Ideal Cracker
Diminished User Experience
© Andy Armstrong — CC-BY-SA — https://www.flickr.com/photos/andyarmstrong/190078748/
Dead Battery
© Josh Hallett — CC-BY — https://www.flickr.com/photos/hyku/368912557/
Data Protection
© Antti T. Nissinen — CC-BY — https://www.flickr.com/photos/54177777@N00/373864777/
Physical Destruction
Phone Usage
http://hbr.org/2013/01/how-people-really-use-mobile/
App launch diagram labels: PID, Click Manifest, Desktop File, Helper Config, Unity Screen, AppArmor Profile, Upstart Instance, App
Confinement diagram labels: App, AppArmor Profile, Syscalls, Linux Security Module, Process, Linux
App Writable Area: ~/.cache/$(pkg), ~/.local/share/$(pkg), ~/.config/$(pkg)
App Readable Area: /usr/share/icons/, /bin/sh, /usr/bin/qmlscene
App Restricted Area: ~/.cache/$(other pkg), ~/.local/share/address-book, ~/Documents/
App, Mir, DBus
Mir Server / Mir Client
Graphics HW
Unity App
App 1
App 2
Mir
Device Display
Application Switcher
Presentation Application Switcher
Infinite App Illusion
Technical User
How many apps can I run?
1 GB RAM, 1 GHz Quad Core
Active Application
Paused Apps (RAM)
Stopped (Offline)
Stateless Stopped
Lifecycle diagram states: Active, Paused, Stopped, Stateless Stopped
Paused to Active: User Interaction Only!!!
Paused to Stopped: Linux Kernel OOM Killer (want to include graphics resources in the future)
What happens when an app is paused:
● App is asked to save state
● Graphic buffers grabbed for screenshot
● Timeout, then all processes are sent SIGSTOP
What happens for a Stateless app: NOTHING!
Positive:
● Ask to save state nicely via life cycle
● Stop using processing when not asked
Negative:
● SIGSTOP apps
● SIGKILL apps on OOM killer
Likely to be killed
Stopped App
Untrusted Helpers
Active Application
Unity
App, Mir, DBus
DBus
Service, Service, App
DBus Message
Header:
Type: Signal or Method
Destination: :0.54 or “com.canonical.Unity”
Path: /com/canonical/Unity/Dash
Interface: com.canonical.unity.dash
Method: ShowAttention
Payload: [“foo”, “bar”]
Service, Service, App
AppArmor says NO!!!
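The default-deny decision behind “AppArmor says NO!!!”, as an added example that is not from the talk or from Ubuntu's own code: a simplified Python model in which a confined app's DBus message is passed only when every header field the slide lists (type, destination, path, interface, member) matches an allow rule, and the payload is never consulted. The rule shape, the glob matching and the com.example service names are assumptions for illustration, not AppArmor's real DBus rule syntax.

```python
from fnmatch import fnmatchcase

# Header fields named on the slide; the payload is deliberately not among them.
HEADER_FIELDS = ("type", "destination", "path", "interface", "member")

def dbus_message(msg_type, destination, path, interface, member, payload):
    """Build a message in the slide's shape: a header plus an opaque payload."""
    header = dict(zip(HEADER_FIELDS, (msg_type, destination, path, interface, member)))
    return {"header": header, "payload": payload}

# Constructed allow-list for one confined app: only the Unity dash call from the
# slide is permitted. A field absent from a rule matches anything ("*").
CONFINED_APP_RULES = [
    {"type": "method", "destination": "com.canonical.Unity",
     "path": "/com/canonical/Unity/Dash",
     "interface": "com.canonical.unity.dash", "member": "ShowAttention"},
]

def rule_matches(rule, header):
    """True when every header field matches the rule's glob for that field."""
    return all(fnmatchcase(header.get(f, ""), rule.get(f, "*")) for f in HEADER_FIELDS)

def mediate(rules, message):
    """Default-deny mediation: the message passes only if some rule matches its
    header. Returns (allowed, reason). The payload is never inspected: policy
    decides who may talk to whom about what, not which argument values are sent."""
    header = message["header"]
    for rule in rules:
        if rule_matches(rule, header):
            return True, "allowed by rule %r" % (rule,)
    where = {f: header.get(f, "?") for f in HEADER_FIELDS}
    return False, ("AppArmor says NO: %(type)s to %(destination)s "
                   "%(path)s %(interface)s.%(member)s" % where)

# Constructed messages. The first is the slide's own example; the other two use
# hypothetical names and members chosen only to show the default deny.
SHOW_ATTENTION = dbus_message("method", "com.canonical.Unity", "/com/canonical/Unity/Dash",
                              "com.canonical.unity.dash", "ShowAttention", ["foo", "bar"])
ADDRESS_BOOK_CALL = dbus_message("method", "com.example.AddressBook", "/com/example/AddressBook",
                                 "com.example.AddressBook", "GetContacts", [])
# Same service, path and interface as the allowed call, but a member no rule names.
OTHER_DASH_CALL = dbus_message("method", "com.canonical.Unity", "/com/canonical/Unity/Dash",
                               "com.canonical.unity.dash", "HypotheticalReset", [])

if __name__ == "__main__":
    for msg in (SHOW_ATTENTION, ADDRESS_BOOK_CALL, OTHER_DASH_CALL):
        allowed, reason = mediate(CONFINED_APP_RULES, msg)
        print("ALLOW" if allowed else "DENY ", reason)
```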
App
Location
Online Accounts
URL Dispatcher
Address Book
AppArmor: Trusted / Confined
DBus Trusted Helpers
App
URL Dispatcher
Upstart
Browser
Unity
User: click on a link; show the browser
Request permission at time of use
Ubuntu Applications are¹:
● ELF Binaries
● Link to C libs
● Draw on an EGL Buffer
Review (1/2)
¹ This is really only from a confinement/lifecycle perspective; we have a really nice QML SDK that makes application authors' lives much easier, and you should use it if you can.
Ubuntu Applications are:
● Confined. By default the applications are restricted from using a lot of functionality that might be expected from a traditional Linux user session.
● Managed. The application lifecycle works to keep the user in control of what is draining the battery and using resources.
● Have Friends. Trusted helpers provide ways to implement the functionality you need and work with confinement.
Review (2/2)
Additional Info
http://www.ubuntu.com/phone
https://developer.ubuntu.com
https://wiki.ubuntu.com/Security/AppArmor
https://wiki.ubuntu.com/Mir
© Stéfan — CC-BY-SA — https://www.flickr.com/photos/st3f4n/143623934