apparmor.d
virt-manager
apparmor.d | virt-manager | |
---|---|---|
24 | 114 | |
365 | 2,152 | |
- | 2.2% | |
9.9 | 8.8 | |
5 days ago | 5 days ago | |
Go | Python | |
GNU General Public License v3.0 only | GNU General Public License v3.0 only |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
apparmor.d
-
Sandboxing All the Things with Flatpak and BubbleBox
If anyone want to look further into sandboxing applications on Linux, you can also look at AppArmor and the sandboxing features built into systemd.
I love this repository for bases for AppArmor profiles[1], really good work. Never found a repository as good for systemd, but there are a few around.
[1] https://github.com/roddhjav/apparmor.d
- Anyone writes AppArmor profiles?
-
AppArmor and Profile Inheritance
Then, categorize all your script zoo: maybe some script group want to only read the data, while some need to write, maybe one group needs to use certain set of binaries, and other group - others.
- How would you sandbox shady PDF files from the internet?
-
OpenSUSE Tumbleweed Security – firewall, fail2ban, apparmor
You could utilize some profiles from apparmor.d repo, but you should be slightly aware how it works (disclaimer: I'm the contributor).
-
FOSS alternative to Teamviewer
Regardless, I wrote an AppArmor profile so it couldn't happen again.
-
Cybersec student here. How it possible that Linux is more secure than Windows?
Maintainer's response.
-
MacOS-like support for directory access control on Linux, *per app*
There is a project in early development: apparmor.d. Adopting some or all profiles will do the job. To use it smoothly, basic AppArmor knowledge is required. (I'm the contributor)
-
AppArmor and Firefox: Does it actually work?
Dependent on the OS and Firefox distribution. I can advertise profile that I co-maintain. It uses non-standard tunables, which will require some README reading to get them into the system.
-
SELinux VS AppArmor - go!
Red Hat based distros come preconfigured with a lot of SELinux policies. With AppArmor, you get basically nothing. There is a project I also contribute to from time to time, that gives you a lot more policies, but this is entirely out-of-tree (https://github.com/roddhjav/apparmor.d).
virt-manager
-
Reproducing the printer hack of Windows 95
It's still being updated. I don't see anything on the virt-manager homepage or GitHub that would suggest it is deprecated.
https://virt-manager.org/
https://github.com/virt-manager/virt-manager
It can't do literally everything Qemu/libvirt can do using only the UI, but given that it has escape hatches to directly edit libvirt configurations, and libvirt has escape hatches to directly pass arguments to Qemu, there's very little you can't do with it.
-
Proxmox VE: Import Wizard for Migrating VMware ESXi VMs
I would love to see a serious comparison (features & performance) between VMWare ESXi, Proxmox VE and let's say a more stock RHEL or Ubuntu. And maybe even include FreeBSD/bhyve.
Because yes, in terms of core functionality it should be in the same ballpark. And in terms of UI, Virtual Machine Manager [0] was not that bad.
[0] https://virt-manager.org/
- Manage virtual machines with virt-manager
-
Quickemu: Quickly run optimised Windows, macOS and Linux virtual machines
Shout out to https://virt-manager.org/ - works much better for me, supports running qemu on remote systems via ssh. I used to use this all the time for managing bunches of disparate vm hosts and local vms.
-
Oracle data base
If not, I would just run a CentOS Stream 8 virtual machine using either GNOME Boxes or virt-manager, and set up networking and ssh so you can access the database from the host.
-
Can i run fortnite on Linux??
https://virt-manager.org/ <- Recommend this as Front-end
-
Cockpit: Web-based graphical interface for servers
I'd say it is half-baked webmin. You can only use it with NetworkManager, and if you have an even remotely complex network setup for VMs, NetworkManager usually must be turned off, which makes Cockpit practically unusable. virt-manager [1] is way more powerful for those who like managing VMs with GUI.
[1] https://virt-manager.org/
-
Failed to acquire pid file : /var/local/run/libvirt/qemu/driver.pid
$ apt build-dep libvirt $ git clone https://github.com/libvirt/libvirt.git Cloning into 'libvirt'... $ cd libvirt $ meson setup build $ ninja -C build $ ninja -C build install $ which virsh /usr/local/bin/virsh $ which libvirtd /usr/local/sbin/libvirtd $ apt install libgtk-3-dev libpulse-dev libgbm-dev libspice-protocol-dev \ libspice-server-dev libusb-1.0-0-dev libepoxy-dev libfdt-dev $ git clone -b v5.1.0 http://git.qemu.org/qemu.git $ cd qemu-v5.1.0 $ git submodule add -f https://git.kernel.org/pub/scm/utils/dtc/dtc.git dtc $ ./configure --disable-werror --target-list=arm-softmmu \ --enable-opengl --enable-gtk --enable-kvm --enable-guest-agent \ --enable-spice --audio-drv-list="oss pa" --enable-libusb \ --enable-trace-backend=simple --enable-debug $ make $ make install $ git clone https://github.com/virt-manager/virt-manager.git $ apt install gobject-introspection libosinfo-1.0-0 libosinfo-1.0-dev \ gir1.2-libosinfo-1.0 libvirt-glib-1.0-dev $ cd virt-manager $ ./setup.py configure --prefix=/usr/local $ sudo ./setup.py install $ sudo usermod -a -G libvirt root $ sudo usermod -a -G libvirtd root $ sudo usermod -a -G libvirt-qemu libvirt-qemu $ sudo usermod -a -G libvirt marietto $ sudo adduser libvirt-qemu $ sudo groupadd --system libvirt $ sudo groupadd --system libvirt-qemu $ sudo newgrp libvirt-qemu $ newgrp libvirt $ /usr/local/sbin# libvirtd & [1] 2875 $ /usr/local/sbin# virtqemud & info : libvirt version: 9.7.0 info : hostname: chromarietto error : virPidFileAcquirePathFull:409 Failed to acquire pid file : /var/local/run/libvirt/qemu/driver.pid Resource temporarily unavailable error : virStateInitialize:672 : Initialization of QEMU state driver failed Failed to acquire pid file : /var/local/run/libvirt/qemu/driver.pid Resource temporarily unavailable error : daemonRunStateInit:617 : Driver state initialization failed $ /usr/local/sbin# ps ax | grep libvirt 2875 pts/0 Sl 0:00 libvirtd $ /usr/local/sbin# ps ax | grep virtqemu nothing If I do the opposite way : $ /usr/local/sbin# virtqemud & $ /usr/local/sbin# ps ax | grep virtqemu 3041 pts/0 Sl 0:00 virtqemud $ /usr/local/sbin# libvirtd & info : libvirt version: 9.7.0 info : hostname: chromarietto error : virPidFileAcquirePathFull:409 Failed to acquire pid file : /var/local/run/libvirt/qemu/driver.pid Resource temporarily unavailable virStateInitialize:672 : Initialization of QEMU state driver failed Failed to acquire pid file : /var/local/run/libvirt/qemu/driver.pid Resource temporarily unavailable daemon RunStateInit:617 : Driver state initialization failed $ /usr/local/sbin# ps ax | grep virtqemu 3041 pts/0 Sl 0:00 virtqemud $ /usr/local/sbin# ps ax | grep libvirt nothing
-
Issue Testing hyperland in virt-manger
I want to test Hyprland with NixOS in a VM using Virt-Manager (https://virt-manager.org/) on Arch Linux host before installing it on my machine.
- We Replaced Firecracker with QEMU
What are some alternatives?
kubernetes-ingress - NGINX and NGINX Plus Ingress Controllers for Kubernetes
QEMU - Official QEMU mirror. Please see https://www.qemu.org/contribute/ for how to submit changes to QEMU. Pull Requests are ignored. Please only use release tarballs from the QEMU website.
UBUNTU20-CIS - Ansible role for Ubuntu 2004 CIS Baseline
quickemu - Quickly create and run optimised Windows, macOS and Linux desktop virtual machines.
hardentools - Hardentools simply reduces the attack surface on Microsoft Windows computers by disabling low-hanging fruit risky features.
docker-libvirtd
ssh-p2p - ssh p2p tunneling server and client
sway - i3-compatible Wayland compositor
kloak - Keystroke-level online anonymization kernel: obfuscates typing behavior at the device level.
cloud-hypervisor - A Virtual Machine Monitor for modern Cloud workloads. Features include CPU, memory and device hotplug, support for running Windows and Linux guests, device offload with vhost-user and a minimal compact footprint. Written in Rust with a strong focus on security.
shadowsocks-gtk-rs - A desktop GUI frontend for shadowsocks-rust client implemented with gtk-rs.
lutris - Lutris desktop client