Xen, AppArmor and Desktop

By Jason Brooks  |  Posted 2006-05-30 Print this article Print

Use"> Novell would do well to put its software-management-tools house in order, settle on a single framework and move on with that—Smart Package Manager seems like an intelligent option.

Another aspect of OpenSUSE 10.1 that at the same time intrigued and infuriated us was the new version of the distributions Yast management module for creating and running Xen virtual machines.
Xen is fairly early along. Although the packages required to make Xen run are available for most prominent Linux distributions, the state of the tools for creating and running Xen VMs—in other words, whats needed to really make Xen compete with products like VMware Workstation—is rather raw. OpenSUSE 10.1s Xen tool looked and, right at the beginning, worked really great. We fired up the module on a new machine and Yast informed us that wed have to install some Xen packages, which Yast offered to do for us. Soon wed rebooted into the Xen version of the distributions kernel, and we were ready to begin building Xen machines. Again, the module impressed us. Rather than limiting us to installing copies of OpenSUSE onto our VMs, the Yast tool gave us the option of specifying an ISO image and Xen-enabled kernel of arbitrary distribution. We tried this, with Fedora Core 5, but to no avail. We next attempted an over-the-network installation of OpenSUSE 10.1 in a Xen VM, but that didnt work, either. Our third installation attempt, in which we tried to install OpenSUSE 10.1 in a Xen VM using our OpenSUSE disks as an install source, made it all the way to the end of the install process before the grub bootloader refused to install on our VM, bringing us back to square one. So, while the systems Xen management module has a lot of promise, it needs some significant tightening up before itll be able to realize that promise. Again, were staying tuned for future SUSE releases. AppArmor Another OpenSUSE 10.1 feature that sets the distribution apart from others weve tested and is configurable via Yast (although more smoothly so than Xen) is the AppArmor application lockdown system that Novell acquired in 2005 and then released under the GPL. AppArmor made it fairly easy for us to create profiles to limit applications to only the privileges required to get their jobs done—which in turn limits the scope of damage that subverted or otherwise out-of-control software can wreak. Compared to SELinux, which in Red Hat distributions ships with well-made but tricky-to-modify or create enforcement policies, AppArmor profile creation is straightforward. The systems "learning mode" tracks the resources and capabilities a given app accesses during normal operation, which form the basis of AppArmors profiles. On the desktop OpenSUSE 10.1 ships with KDE 3.5.x and GNOME 2.12.x, both of which we found to be well-implemented and well-suited for mainstream desktop use. We were a bit disappointed to see that OpenSUSE did not ship with the latest version of GNOME, Version 2.14, which has been available for a couple of months and boasts some new features that weve found rather useful in our tests with Fedora Core 5 and with the testing builds of Ubuntu Dapper Drake. Novell is targeting SMBs through partnerships. Click here to read more. We were impressed, however, with the integration of the Beagle desktop search tool in both OpenSUSEs GNOME and KDE desktops. For the early part of its existence, Beagle had been a GNOME-centric project. OpenSUSEs KDE includes a Beagle front end of its own, called Kerry, that integrates well with the rest of KDE. Anyone whos seen the recent releases of Mac OS X and the testing builds of Windows Vista can attest that client operating systems are growing quickly more toothsome to those enamored of eye candy. While were really not convinced of the utility of hardware-accelerated desktop interface effects, we had some fun testing out the Linux desktops entry in the desktop-effects arms race—the Freedesktop.org projects OpenGL-driven X Server, Xgl. With Xgl and Novells compositing window manager, compiz, we were able to switch among virtual desktops with a rotating cube effect, watch pop-up menus jiggle into place, and so on. What most impressed us, though, is that we could use Xgl with a 4-year-old 3-D graphics card. The Vista builds weve so far tested, in contrast, turned up their noses at it. Next page: Evaluation Shortlist: Related Products.

As Editor in Chief of eWEEK Labs, Jason Brooks manages the Labs team and is responsible for eWEEK's print edition. Brooks joined eWEEK in 1999, and has covered wireless networking, office productivity suites, mobile devices, Windows, virtualization, and desktops and notebooks. JasonÔÇÖs coverage is currently focused on Linux and Unix operating systems, open-source software and licensing, cloud computing and Software as a Service. Follow Jason on Twitter at jasonbrooks, or reach him by email at jbrooks@eweek.com.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel