What security context software does Ubuntu use?
Ubuntu uses AppArmor, a SELinux alternative.
Wikipedia gives some hints on why some people think AppArmor is better than SELinux:
AppArmor is offered in part as an alternative to SELinux, which critics consider difficult for administrators to set up and maintain. Unlike SELinux, which is based on applying labels to files, AppArmor works with file paths. Proponents of AppArmor claim that it is less complex and easier for the average user to learn than SELinux. They also claim that AppArmor requires fewer modifications to work with existing systems: for example, SELinux requires a filesystem that supports "security labels", and thus cannot provide access control for files mounted via NFS. AppArmor is filesystem-agnostic.
Ubuntu ships many AppArmor profiles for core applications. You can find them in /etc/apparmor.d/. If you need to edit the default profiles, you can override settings from /etc/apparmor.d/local/.
Ubuntu also ships some so-called "abstractions", which are ways to help you write your own AppArmor profiles quickly without repeating yourself (the famous DRY principle).
One thing that is important to note is that the AppArmor profile for Firefox is disabled by default, because it might be too restrictive for many users. You can, however, enable it as described in the documentation:
sudo aa-enforce /etc/apparmor.d/usr.bin.firefox
If you want to go with SELinux, you are free to disable AppArmor and install the selinux package. Note, however, that the default configuration for SELinux in Ubuntu is not very restrictive, so you have to configure it yourself.
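A check to run after a command such as aa-enforce, given here as an added example that is not part of the original answer: it parses the "<name> (<mode>)" listing that the kernel exposes at /sys/kernel/security/apparmor/profiles and reports whether the matching profiles are loaded and in enforce mode. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example. Input format (one loaded profile per line), as found in
# /sys/kernel/security/apparmor/profiles:
#   <profile name> (<mode>)

# profile_modes SUBSTRING  (listing on stdin)
# Prints "<mode><TAB><name>" for every loaded profile whose name contains
# SUBSTRING. Exit status 1 means no match: the profile is not loaded at all
# (for example because it is disabled).
profile_modes() {
    awk -v want="$1" '
        {
            # The mode is the trailing " (word)"; the name is everything before it.
            if (match($0, / \([a-z]+\)$/) == 0) next
            name = substr($0, 1, RSTART - 1)
            mode = substr($0, RSTART + 2, RLENGTH - 3)
            if (index(name, want)) { printf "%s\t%s\n", mode, name; found = 1 }
        }
        END { exit found ? 0 : 1 }
    '
}

# is_enforced SUBSTRING  (listing on stdin)
# 0 = every matching profile is in enforce mode
# 1 = at least one match is in another mode (e.g. complain)
# 2 = no matching profile is loaded
is_enforced() {
    modes=$(profile_modes "$1") || return 2
    printf '%s\n' "$modes" |
        awk -F '\t' '$1 != "enforce" { bad = 1 } END { exit bad + 0 }'
}

# Constructed sample listing (not taken from a real machine).
sample_listing() {
    cat <<'EOF'
/usr/sbin/cupsd (enforce)
/usr/lib/example-browser/browser (complain)
/usr/bin/man (enforce)
man_filter (enforce)
EOF
}

# Demo on the constructed sample; on a real system feed the kernel file instead:
#   sudo cat /sys/kernel/security/apparmor/profiles | profile_modes firefox
sample_listing | profile_modes browser
```

A result of 2 from is_enforced is the case to watch for: the profile file may exist under /etc/apparmor.d/ while nothing is loaded into the kernel, so the application runs unconfined.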