Presentation is loading. Please wait.

Presentation is loading. Please wait.

Ubuntu Application Confinement

Published byCharlene Morris Modified over 6 years ago

Similar presentations

Presentation on theme: "Ubuntu Application Confinement"— Presentation transcript:

1 Ubuntu Application Confinement
Or: How I learned to stop worrying and trust application developers Ted Gould @tedjgould SMU 3 Sept 2014

2 “I'm more worried about Murphy than I am Machievilli” — Michi Henning

3 Ideal Cracker

4 Diminished User Experience

5 Dead Battery © Andy Armstrong — CC-BY-SA —

6 Data Protection © Josh Hallett — CC-BY —

7 Physical Destruction © Antti T. Nissinen — CC-BY —

8 Phone Usage

9

10 App App

11

12

13 App Writable Area ~/.cache/$(pkg) ~/.local/share/$(pkg) ~/.config/$(pkg) App Readable Area /usr/share/icons/ /bin/sh /usr/bin/qmlscene App Restricted Area ~/.cache/$(other pkg) ~/.local/share/address-book ~/Documents/

14

15

16

17 Application Switcher

18 Presentation Application Switcher

19 Infinite App Illusion Technical User How many apps can I run? 1 GB RAM
1 GHz Quad Core

20

21

22 User Interaction Only!!!

23

24 Linux Kernel OOM Killer
(want to include graphics resources in the future)

25

26 What happens: App is asked to save state Graphic buffers grabbed for screenshot Timeout, then all processes are sent SIGSTOP

27 What happens: NOTHING!

28 Positive: Ask to save state nicely via life cycle Stop using processing when not asked Negative: SIGSTOP apps SIGKILL apps on OOM killer

29

30

31 DBus

32 DBus Message Header Type Signal or Method Destination
:0.54 or “com.canonical.Unity” Path /com/canonical/Unity/Dash Interface com.canonical.unity.dash Method ShowAttention Payload [“foo”, “bar”]

33

34

35

36 Request permission at time of use

37 Review (1/2) Ubuntu Applications are¹: ELF Binaries Link to C libs
Draw on an EGL Buffer ¹ This is really only from a confinement/lifecycle perspective, we have a really nice QML SDK that makes application author's lives much easier, you should use it if you can.

38 Review (2/2) Ubuntu Applications are:
Confined. By default the applications are restricted from using a lot of functionality that might be expected from a traditional Linux user session. Managed. The application lifecycle works to keep the user in control of what is draining the battery and using resources. Have Friends. Trusted helpers provide ways to implement the functionality you need and work with confinement.

39 Additional Info http://www.ubuntu.com/phone

40 © Stéfan — CC-BY-SA — https://www.flickr.com/photos/st3f4n/143623934

Download ppt "Ubuntu Application Confinement"

Similar presentations

FatMax 2007. Licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 2.5 LicenseCreative Commons Attribution-NonCommercial-ShareAlike 2.5.

FatMax Licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 2.5 LicenseCreative Commons Attribution-NonCommercial-ShareAlike 2.5.
Android Application Development A Tutorial Driven Course.

Android Application Development A Tutorial Driven Course.
Operating Systems Manage system resources –CPU scheduling –Process management –Memory management –Input/Output device management –Storage device management.

Operating Systems Manage system resources –CPU scheduling –Process management –Memory management –Input/Output device management –Storage device management.
Cyberbullying When good technology goes bad…….. Stay safe in cyberspace.

Cyberbullying When good technology goes bad…….. Stay safe in cyberspace.
ITEC 320 Lecture 12 Higher level usage of pointers.

ITEC 320 Lecture 12 Higher level usage of pointers.
© 2004 SafeNet, Inc. All rights reserved. Mobike Protocol Design draft-kivinen-mobike-design-00.txt Tero Kivinen

© 2004 SafeNet, Inc. All rights reserved. Mobike Protocol Design draft-kivinen-mobike-design-00.txt Tero Kivinen
March 2009IETF 74 - NSIS1 Implementation of Permission-Based Sending (PBS) NSLP: Network Traffic Authorization draft-hong-nsis-pbs-nslp-02 Se Gi Hong*,

March 2009IETF 74 - NSIS1 Implementation of Permission-Based Sending (PBS) NSLP: Network Traffic Authorization draft-hong-nsis-pbs-nslp-02 Se Gi Hong*,
Ubuntu/ Linux Mobile Phone operating systems My Cole Eldridge.

Ubuntu/ Linux Mobile Phone operating systems My Cole Eldridge.
YOUR INFORMATION YOUR DECISIONS YOUR LIFE. The INDIVIDUAL is the BEST POINT of ORIGINATION and INTEGRATION for DATA RELATING TO THEMSELVES.

YOUR INFORMATION YOUR DECISIONS YOUR LIFE. The INDIVIDUAL is the BEST POINT of ORIGINATION and INTEGRATION for DATA RELATING TO THEMSELVES.
IT Systems Operating System EN230-1 Justin Champion C208 – 3273 www.staffs.ac.uk/personal/engineering_and_technology/jjc1.

IT Systems Operating System EN230-1 Justin Champion C208 –
Jacob Boston Josh Pfeifer. Definition of HyperText Transfer Protocol How HTTP works How Websites work GoDaddy.com OSI Model Networking.

Jacob Boston Josh Pfeifer. Definition of HyperText Transfer Protocol How HTTP works How Websites work GoDaddy.com OSI Model Networking.
Experiment: Step by Step Author: Anna Bekkerman

Experiment: Step by Step Author: Anna Bekkerman
Ubuntu Workstations Western Oregon University CS\IS Jesse Greene 503.508.9812.

Ubuntu Workstations Western Oregon University CS\IS Jesse Greene
Cyber Bullying BEAT BULLYING.

Cyber Bullying BEAT BULLYING.
ANDROID PROGRAMMING MODULE 1 – GETTING STARTED

ANDROID PROGRAMMING MODULE 1 – GETTING STARTED
Case study 2 Android – Mobile OS.

Case study 2 Android – Mobile OS.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Android Middleware Bo Pang Bpang@cc.hut.fi.

Android Middleware Bo Pang
About me Yichuan Wang Android Basics Credit goes to Google and UMBC.

About me Yichuan Wang Android Basics Credit goes to Google and UMBC.
Chapter 3 Operating Systems Concepts 1. A Computer Model An operating system has to deal with the fact that a computer is made up of a CPU, random access.

Chapter 3 Operating Systems Concepts 1. A Computer Model An operating system has to deal with the fact that a computer is made up of a CPU, random access.

Similar presentations

Ads by Google