Sudo-rs (drop in replacement) and rust written and other rust written Apps

I’m starting to see a lot more RUST code lately (one example) ie:

apt show sudo-rs
Package: sudo-rs
Version: 0.2.5-4
Static-Built-Using: rust-defaults (= 1.84.0ubuntu1), rust-glob (= 0.3.2-1), rus>
Priority: optional
Section: universe/utils
Source: rust-sudo-rs
Origin: Ubuntu
Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
Original-Maintainer: Debian Rust Maintainers <pkg-rust-maintainers@alioth-lists>
Bugs: https://bugs.launchpad.net/ubuntu/+filebug
Installed-Size: 2,458 kB
Depends: libc6 (>= 2.39), libgcc-s1 (>= 4.2), libpam0g (>= 0.99.7.1)
Homepage: https://github.com/trifectatechfoundation/sudo-rs
Download-Size: 548 kB
APT-Manual-Installed: yes
APT-Sources: http://archive.ubuntu.com/ubuntu questing/universe amd64 Packages
Description: Rust-based sudo and su implementations
 sudo-rs is a safety-oriented program designed to provide sudo and su
 functionalities with a focus on memory safety. The primary aim is to offer
 a secure and reliable alternative to traditional sudo, ensuring fewer
 vulnerabilities related to memory management.
 .
 While it aims to be a drop-in replacement for most common sudo use cases,

Rust is a programming language with strong memory safety guarantees that eliminates many of the vulnerabilities that have historically plagued traditional C-based software." The plan is to test sudo-rs in Ubuntu 25.10 and, assuming the transition goes smoothly, to have it be part of Ubuntu 26.04, which will be a long-term support release.

Did any normal user even know? I’m playing with it now.
More info:

Found one here as well:

sudo-rs --version
sudo-rs 0.2.5

sudo-rs -s
[sudo: authenticate] Password: 
root@me-Legion-5-zfs:/home/me# nano /etc/hosts
root@me-Legion-5-zfs:/home/me# exit
exit

sudo-rs --list 
[sudo: authenticate] Password: 
User me may run the following commands on me-Legion-5-zfs:
    (ALL : ALL) ALL

Not much too say yet!

So does this actually fix any known memory errors with sudo or is it just a feel good thing so they can say “memory safe”? Just because something is in C or whatever doesn’t automatically mean it’s unsafe.

It’s important to note that sudo-rs is not a perfect solution. It currently supports less functionality than the original sudo and does not yet include features such as sudoedit and preventing shell escapes using NOEXEC and NOINTERCEPT. (It’s still a work in progress)

Additionally, some users have pointed out that while memory safety exploits are a concern, other issues like “unix environments having another environment variable that makes setuid processes load code” or logic errors may also pose security risks.

These issues might not be fully mitigated by the memory safety features of Rust alone.

In summary, while sudo-rs does address known memory safety issues, it is not a complete fix for all security concerns related to sudo.

NOTE we are not expected to see sudo-rs until 26.04 so we need to keep talk down and testing up.

I’m kind of glad about the rust code being used more and more!

One more to talk about is dust >>> Dust is a more intuitive Rust version of the du command. It gives you an instant overview of which directories are using the disk space without requiring to sort. ie:

dust /boot
3.1M   ┌── System.map-6.14.0-15-generic│█                                 │   1%
3.1M   ├── System.map-6.14.0-13-generic│█                                 │   1%
1.5M   │ ┌── unicode.pf2               │█                                 │   1%
1.5M   │ │ ┌── unicode.pf2             │█                                 │   1%
1.5M   │ ├─┴ fonts                     │█                                 │   1%
2.5M   │ ├── x86_64-efi                │█                                 │   1%
5.6M   ├─┴ grub                        │█                                 │   3%
840K   │     ┌── mmx64.efi             │█                                 │   0%
948K   │     ├── BOOTX64.EFI           │█                                 │   0%
1.8M   │   ┌─┴ BOOT                    │█                                 │   1%
840K   │   │ ┌── mmx64.efi             │█                                 │   0%
948K   │   │ ├── shimx64.efi           │█                                 │   0%
2.5M   │   │ ├── grubx64.efi           │█                                 │   1%
4.3M   │   ├─┴ ubuntu                  │█                                 │   2%
6.1M   │ ┌─┴ EFI                       │█                                 │   3%
6.1M   ├─┴ efi                         │█                                 │   3%
 14M   ├── vmlinuz-6.14.0-15-generic   │███                               │   7%
 14M   ├── vmlinuz-6.14.0-13-generic   │███                               │   7%
 80M   ├── initrd.img-6.14.0-13-generic│█████████████                     │  38%
 84M   ├── initrd.img-6.14.0-15-generic│██████████████                    │  40%
213M ┌─┴ boot                          │█████████████████████████████████ │ 100%

I’m not always graceful with new/change, but I’m excited to see more rust code hit

Indeed. I’m not saying it’s bad. Just think that if there are other actual problems it would be better to fix those rather than just rewriting stuff. Even if Canonical changes their sudo to rust that won’t make any kind of impact on the majority of other distros. Just seems like that dilutes community effort. For all purposes there are now 2 sudo packages that will require maintenance instead of one.

Nope it’s in all Linux (Fedora, Arch, Debian), not just Ubuntu.

You would have to first install both to have two to maintain, The plan is as I underrstand it is to make it default in 26.04 if all goes well, and I don’t see any issues with that!

You can also follow it as things get fixed:

Those have been addressed.

I don’t find dust in my Ubuntu 25.10

corrado@corrado-n8-qq-0511:~$ dust /boot
Could not find command-not-found database. Run 'sudo apt update' to populate it.
dust: command not found
corrado@corrado-n8-qq-0511:~$ apt policy dust
Notice: Unable to locate package dust
corrado@corrado-n8-qq-0511:~$

You should do what it asks for

ogra@styx:~$ dust
Command 'dust' not found, but can be installed with:
sudo snap install dust     # version v0.9.0, or
sudo apt  install du-dust  # version 1.1.2-1
See 'snap info dust' for additional versions. 
ogra@styx:~$ grep VERSION= /etc/os-release 
VERSION="25.04 (Plucky Puffin)"
ogra@styx:~$

It should be there on 25.10 as well if your package database is up to date …

command-not-found does not work in 25.10 because /var/lib/command-not-found/ is empty

Well, have you run sudo apt update as it asked ? is it still empty after this (IIRC a fresh install has not populated it until the apt package DB has been updated for the first time)

The package du-dust should be in the questing repos.

On 25.04: sudo apt update && sudo apt install du-dust worked for me.

Then run dust /boot or whatever directory interests you.

ok dust for me in questing but command-not-found still does not work

corrado@corrado-n3-qq-0515:~$ bbb
Could not find command-not-found database. Run 'sudo apt update' to populate it.
bbb: command not found
corrado@corrado-n3-qq-0515:~$ ls -l /var/lib/command-not-found/
total 0
corrado@corrado-n3-qq-0515:~$

Yes, but update does not populate the lib, this is a recurrent problem with each release: Bug #2042746 “Noble install image does not have command-not-foun...” : Bugs : command-not-found
I just noted the problem in the old bug I think it’s useless to open a new bug.

Sorry it gets busy here when I’m gone, but I use Cargo.

cargo info du-dust
    Updating crates.io index
du-dust #du #command-line #disk #disk-usage
A more intuitive version of du
version: 1.2.0
license: Apache-2.0
rust-version: unknown
documentation: https://github.com/bootandy/dust
homepage: https://github.com/bootandy/dust
repository: https://github.com/bootandy/dust
crates.io: https://crates.io/crates/du-dust/1.2.0

Cargo is also in charge of my updates, for all packages installed.

 dust  /var/lib/command-not-found/
5.0K   ┌── commands.db.metadata│█                                         │   2%
301K   ├── commands.db         │█████████████████████████████████████████ │  98%
307K ┌─┴ command-not-found     │█████████████████████████████████████████ │ 100%

Some More to ponder over:

One of the first tools, that comes to my mind, when thinking about rust apps is exa, a great alternative to the most common ls command.

It offers features like colored output, icon support, etc that make it visually pleasing to use. (On ubuntu it’s named as)

apt show eza
Package: eza
Version: 0.21.0-1
Built-Using: rust-fast-srgb8 (= 1.0.0-7), rust-option-ext (= 0.2.0-1)
Static-Built-Using: rust-addr2line (= 0.24.2-2), rust-adler (= 1.0.2-2), rust-a>
Priority: optional
Section: universe/utils
Source: rust-eza
Origin: Ubuntu
Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
Original-Maintainer: Debian Rust Maintainers <pkg-rust-maintainers@alioth-lists>
Bugs: https://bugs.launchpad.net/ubuntu/+filebug
Installed-Size: 1,718 kB
Depends: libc6 (>= 2.34), libgcc-s1 (>= 4.2), libgit2-1.9 (>= 1.9.0)
Breaks: exa (<< 0.14.1-1)
Replaces: exa (<< 0.14.1-1)
Homepage: https://github.com/eza-community/eza
Download-Size: 630 kB
APT-Manual-Installed: yes
APT-Sources: http://archive.ubuntu.com/ubuntu questing/universe amd64 Packages
Description: Modern replacement for ls
 eza is an improved file lister with more features and better defaults.
 It uses colours to distinguish file types and metadata. It knows about
 symlinks, extended attributes, and Git. And it’s small, fast, and just

eza /boot
config-6.14.0-13-generic      memtest86+ia32.efi
config-6.14.0-15-generic      memtest86+x64.bin
efi                           memtest86+x64.efi
grub                          System.map-6.14.0-13-generic
initrd.img                    System.map-6.14.0-15-generic
initrd.img-6.14.0-13-generic  vmlinuz
initrd.img-6.14.0-15-generic  vmlinuz-6.14.0-13-generic
initrd.img.old                vmlinuz-6.14.0-15-generic
memtest86+ia32.bin            vmlinuz.old

One of the most commonly used command-line tool is cat, where we can output the content of a file to the terminal.

Bat is a worthy alternative to the cat command, which according to its developers, is “cat clone with wings.”

apt show bat
Package: bat
Version: 0.25.0-2
Built-Using: rust-ansi-colours (= 1.2.3-1), rust-onig-sys (= 69.8.1-1)
Static-Built-Using: rust-adler (= 1.0.2-2), rust-aho-corasick (= 1.1.3-1), rust>
Priority: optional
Section: universe/utils
Source: rust-bat
Origin: Ubuntu
Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
Original-Maintainer: Debian Rust Maintainers <pkg-rust-maintainers@alioth-lists>
Bugs: https://bugs.launchpad.net/ubuntu/+filebug
Installed-Size: 5,561 kB
Depends: libc6 (>= 2.39), libgcc-s1 (>= 4.2), libgit2-1.9 (>= 1.9.0)
Homepage: https://github.com/sharkdp/bat
Download-Size: 2,442 kB
APT-Manual-Installed: yes
APT-Sources: http://archive.ubuntu.com/ubuntu questing/universe amd64 Packages
Description: cat(1) clone with syntax highlighting and git integration
 bat is a drop-in cat(1) replacement featuring:
 .
  * syntax highlighting for a large number of languages;
  * git integration;
  * automatic paging;

└─> batcat /etc/os-release
───────┬────────────────────────────────────────────────────────────────────────
       │ File: /etc/os-release
───────┼────────────────────────────────────────────────────────────────────────
   1   │ PRETTY_NAME="Ubuntu Questing Quokka (development branch)"
   2   │ NAME="Ubuntu"
   3   │ VERSION_ID="25.10"
   4   │ VERSION="25.10 (Questing Quokka)"
   5   │ VERSION_CODENAME=questing
   6   │ ID=ubuntu
   7   │ ID_LIKE=debian
   8   │ HOME_URL="https://www.ubuntu.com/"
   9   │ SUPPORT_URL="https://help.ubuntu.com/"
  10   │ BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
  11   │ PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/pri
       │ vacy-policy"
  12   │ UBUNTU_CODENAME=questing
  13   │ LOGO=ubuntu-logo
───────┴────────────────────────────────────────────────────────────────────────

Starship Prompt I have used this for a few years now.
There are many shells out there like bash, zsh, etc. You probably know the popular ones, and if you are curious, we have a list of lesser-known shells.

But all of those provide a shell prompt, which looks almost the same.

Starship prompt allows you to change the look of your shell prompt the way you want with a vast amount of configuration options. Starship prompt is simply an excellent customization tool.

┌───────────────────>
│~ 
└─> 

** ripgrep**
If you use the Linux terminal frequently, you may have used the grep command. It is such an important command with varied use cases.

ripgrep is the rust implementation of grep with more valuable features and tweaks. ripgrep is a line-oriented search tool that recursively searches the current directory for a regex pattern.

 

[details="rg /boot"]
 rg /boot
rg: ./profile-backups: Permission denied (os error 13)
Documents/chroot on grub and mnt
3:chroot /mnt/boot-sav/sda2 grub-install --version
8:chroot /mnt/boot-sav/sda2 grub-install /dev/sda
12:chroot /mnt/boot-sav/sda2 update-grub

Documents/update-initramfs: Generating
1:update-initramfs: Generating /boot/initrd.img-6.14.0-13-generic
11:update-initramfs: Generating /boot/initrd.img-6.14.0-13-generic

Documents/yesterdays forum notes (copy 1)
39:# /boot/grub/grub.cfg.

Documents/manual partitions (copy 1)
26:  sgdisk --new=2:0:+${SZ_EFI}  --typecode=0:ef00 --change-name=0:EFI-SP $DEV  # for /boot/efi
27:  sgdisk --new=3:0:+${SZ_BOOT} --typecode=0:8300 --change-name=0:boot   $DEV  # for /boot
48:  mkfs -t vfat ${DEV}2  # /boot/efi
49:  mkfs -t ext2 ${DEV}3  # /boot
95:├─nvme0n1p2                      part  vfat                 50M   43.9M    12%             /boot/efi
96:├─nvme0n1p3                      part  ext4                700M  339.8M    42%             /boot

Documents/The best implementation for a zfs root system
3:The best implementation for a zfs root system, and that’s what I’ve been using for a year, goes by using a single zfs pool for root, ZFSBootMenu and sanoid (for fs, boot and snapshots) instead of separate root/boot pools, grub and zsys. It’s UEFI only (because of ZFS boot), but in this day and age for a desktop computer I don’t see the downside.

Documents/privatemessages-1fallen-April 20th, 2024 (copy 1).txt
227:bpool                                              370M  1.39G    96K  /boot
229:bpool/BOOT/ubuntu_2wtpxc                           369M  1.39G   369M  /boot

Documents/yesterdays forum notes
39:# /boot/grub/grub.cfg.

Documents/kernels on my system
14:└─> sudo find /boot/ -iname "vmlinuz*"
16:/boot/vmlinuz
17:/boot/vmlinuz-6.8.0-31-generic
18:/boot/vmlinuz.old
19:/boot/vmlinuz-6.10.0-15-generic

Documents/privatemessages-1fallen-April 20th, 2024.txt
227:bpool                                              370M  1.39G    96K  /boot
229:bpool/BOOT/ubuntu_2wtpxc                           369M  1.39G   369M  /boot

Documents/nvidia-bug-report.log
177:[    15.177] Kernel command line: BOOT_IMAGE=/@/boot/vmlinuz-linux root=UUID=b3c0909a-f1e4-4c4d-9d5e-e565472fbd8a rw rootflags=subvol=@ lsm=landlock,lockdown,yama,integrity,apparmor,bpf nowatchdog nvme_load=YES zswap.enabled=0 nvidia_drm.modeset=1 splash quiet splash loglevel=3
1100:[    14.979] Kernel command line: BOOT_IMAGE=/@/boot/vmlinuz-linux root=UUID=b3c0909a-f1e4-4c4d-9d5e-e565472fbd8a rw rootflags=subvol=@ lsm=landlock,lockdown,yama,integrity,apparmor,bpf nowatchdog nvme_load=YES zswap.enabled=0 nvidia_drm.modeset=1 splash quiet splash loglevel=3
12971:[    0.000000] Command line: BOOT_IMAGE=/@/boot/vmlinuz-linux root=UUID=b3c0909a-f1e4-4c4d-9d5e-e565472fbd8a rw rootflags=subvol=@ lsm=landlock,lockdown,yama,integrity,apparmor,bpf nowatchdog nvme_load=YES zswap.enabled=0 nvidia_drm.modeset=1 splash quiet splash loglevel=3
13232:[    0.029286] Kernel command line: BOOT_IMAGE=/@/boot/vmlinuz-linux root=UUID=b3c0909a-f1e4-4c4d-9d5e-e565472fbd8a rw rootflags=subvol=@ lsm=landlock,lockdown,yama,integrity,apparmor,bpf nowatchdog nvme_load=YES zswap.enabled=0 nvidia_drm.modeset=1 splash quiet splash loglevel=3
13233:[    0.029392] Unknown kernel command line parameters "splash splash BOOT_IMAGE=/@/boot/vmlinuz-linux nvme_load=YES", will be passed to user space.
13849:[    1.119400]     BOOT_IMAGE=/@/boot/vmlinuz-linux
15746:BOOT_IMAGE=/@/boot/vmlinuz-linux root=UUID=b3c0909a-f1e4-4c4d-9d5e-e565472fbd8a rw rootflags=subvol=@ lsm=landlock,lockdown,yama,integrity,apparmor,bpf nowatchdog nvme_load=YES zswap.enabled=0 nvidia_drm.modeset=1 splash quiet splash loglevel=3

Documents/system-info.txt
445:/dev/sdb2      ext4      2.0G  348M  1.5G  20% /boot
446:/dev/sdb1      vfat      511M  1.4M  510M   1% /boot/efi
547:|_sdb1        512M vfat                   /boot/efi                 
548:|_sdb2          2G ext4                   /boot                     
603:UUID=18F7-D7E0                            /boot/efi      vfat    defaults,umask=0077 0 2
604:UUID=7f7aff3e-628e-42e8-ae06-cfa7d9200cb4 /boot          ext4    defaults,noatime,commit=60 0 2
608:/dev/sdb1 on /boot/efi type vfat (rw,relatime,fmask=0077,dmask=0077,codepage=437,iocharset=ascii,shortname=mixed,utf8,errors=remount-ro)
609:/dev/sdb2 on /boot type ext4 (rw,noatime,commit=60)
614:from: (STABLE) https://launchpad.net/~yannubuntu/+archive/ubuntu/boot-repair 

Documents/compile kernels on buntu
59:ls -l /boot
60:cp /boot/config-4.4.0-040400rc8-generic .config

Documents/posting beta
43:update-initramfs: Generating /boot/initrd.img-6.14.0-13-generic

apparmor.d/systemd-generator-gpt-auto
20:  /boot/ r,

Documents/manual partitions
26:  sgdisk --new=2:0:+${SZ_EFI}  --typecode=0:ef00 --change-name=0:EFI-SP $DEV  # for /boot/efi
27:  sgdisk --new=3:0:+${SZ_BOOT} --typecode=0:8300 --change-name=0:boot   $DEV  # for /boot
48:  mkfs -t vfat ${DEV}2  # /boot/efi
49:  mkfs -t ext2 ${DEV}3  # /boot
95:├─nvme0n1p2                      part  vfat                 50M   43.9M    12%             /boot/efi
96:├─nvme0n1p3                      part  ext4                700M  339.8M    42%             /boot

Documents/Grub menuentry cli
1:sudo awk -F\' '$1=="menuentry " || $1=="submenu " {print i++ " : " $2}; /\smenuentry / {print "\t" i-1">"j++ " : " $2};' /boot/grub/grub.cfg

apparmor.d/dolphin
71:  deny /boot/{,**} r,

Documents/nvidia-bug-report (copy 1).log
177:[    15.177] Kernel command line: BOOT_IMAGE=/@/boot/vmlinuz-linux root=UUID=b3c0909a-f1e4-4c4d-9d5e-e565472fbd8a rw rootflags=subvol=@ lsm=landlock,lockdown,yama,integrity,apparmor,bpf nowatchdog nvme_load=YES zswap.enabled=0 nvidia_drm.modeset=1 splash quiet splash loglevel=3
1100:[    14.979] Kernel command line: BOOT_IMAGE=/@/boot/vmlinuz-linux root=UUID=b3c0909a-f1e4-4c4d-9d5e-e565472fbd8a rw rootflags=subvol=@ lsm=landlock,lockdown,yama,integrity,apparmor,bpf nowatchdog nvme_load=YES zswap.enabled=0 nvidia_drm.modeset=1 splash quiet splash loglevel=3
12971:[    0.000000] Command line: BOOT_IMAGE=/@/boot/vmlinuz-linux root=UUID=b3c0909a-f1e4-4c4d-9d5e-e565472fbd8a rw rootflags=subvol=@ lsm=landlock,lockdown,yama,integrity,apparmor,bpf nowatchdog nvme_load=YES zswap.enabled=0 nvidia_drm.modeset=1 splash quiet splash loglevel=3
13232:[    0.029286] Kernel command line: BOOT_IMAGE=/@/boot/vmlinuz-linux root=UUID=b3c0909a-f1e4-4c4d-9d5e-e565472fbd8a rw rootflags=subvol=@ lsm=landlock,lockdown,yama,integrity,apparmor,bpf nowatchdog nvme_load=YES zswap.enabled=0 nvidia_drm.modeset=1 splash quiet splash loglevel=3
13233:[    0.029392] Unknown kernel command line parameters "splash splash BOOT_IMAGE=/@/boot/vmlinuz-linux nvme_load=YES", will be passed to user space.
13849:[    1.119400]     BOOT_IMAGE=/@/boot/vmlinuz-linux
15746:BOOT_IMAGE=/@/boot/vmlinuz-linux root=UUID=b3c0909a-f1e4-4c4d-9d5e-e565472fbd8a rw rootflags=subvol=@ lsm=landlock,lockdown,yama,integrity,apparmor,bpf nowatchdog nvme_load=YES zswap.enabled=0 nvidia_drm.modeset=1 splash quiet splash loglevel=3

apparmor.d/pacman-hook-mkinitcpio
39:  /boot/ r,
40:  /{boot,efi}/EFI/boot/boot*.efi rw,
41:  /boot/initramfs-*-fallback.img rw,
42:  /boot/initramfs-*.img rw,
43:  /boot/vmlinuz-* rw,

apparmor.d/systemd-logind
95:  /boot/{,**} r,

apparmor.d/os-prober.apparmor.d
66:  /boot/{efi/,} r,
67:  /boot/{efi/,}EFI/ r,
68:  /boot/{efi/,}EFI/**/ r,

apparmor.d/switcheroo-control
55:  @{sys}/devices/@{pci}/boot_vga r,

apparmor.d/baobab
44:  deny /boot/{,**} r,

apparmor.d/dkms
118:    owner /boot/System.map-* r,

apparmor.d/console-setup
20:  @{run}/console-setup/boot_completed w,

apparmor.d/mkinitcpio
85:  # Manage /boot
87:  /boot/ r,
89:  /boot/initramfs-*.img* rw,
90:  /boot/vmlinuz-* r,
92:  /usr/share/systemd/bootctl/** r,

apparmor.d/hostnamectl
46:  @{PROC}/sys/kernel/random/boot_id r,

apparmor.d/grub-probe
29:  /boot/ r,
30:  /boot/grub/ r,
31:  /boot/grub/themes/{,**} r,

apparmor.d/needrestart
58:  /boot/ r,
59:  /boot/intel-ucode.img r,
60:  /boot/vmlinuz* r,

apparmor.d/snap-update-ns
21:  mount -> /boot/,

apparmor.d/grub-mkconfig
79:  /.zfs/snapshot/*/boot/ r,
84:  /boot/{,**} r,
85:  /boot/grub/{,**} rw,

apparmor.d/bootctl
9:@{exec_path} = @{bin}/bootctl
10:profile bootctl /{,usr/}{,s}bin/bootctl  flags=(attach_disconnected,complain) {
78:  include if exists <local/bootctl>

apparmor.d/unmkinitramfs
38:        /boot/ r,
39:  owner /boot/initrd.img-* r,
44:        /mnt/boot/ r,
45:  owner /mnt/boot/initrd.img-* r,

apparmor.d/grub-multi-install
32:  /boot/grub/grub.cfg rw,

apparmor.d/protonmail
36:  @{sys}/devices/@{pci}/boot_vga r,

apparmor.d/run-parts
248:    /boot/ r,

apparmor.d/spectre-meltdown-checker
92:  /boot/ r,
93:  /boot/{config,vmlinuz,System.map}-* r,

apparmor.d/xorg
123:  @{sys}/devices/@{pci}/boot_vga r,

apparmor.d/wireshark
53:  deny       @{PROC}/sys/kernel/random/boot_id r,

apparmor.d/kconfig-hardened-check
22:  /boot/config-* r,

apparmor.d/systemd-sleep-grub
20:  /etc/sysconfig/bootloader r,

apparmor.d/grub-install
33:  /boot/efi/ r,
34:  /boot/EFI/*/grubx*.efi rw,
35:  /boot/efi/EFI/ r,
36:  /boot/efi/EFI/BOOT/{,**} rw,
37:  /boot/efi/EFI/ubuntu/* w,
38:  /boot/grub/{,**} rw,

apparmor.d/startplasma
76:  @{PROC}/sys/kernel/random/boot_id r,

apparmor.d/kernel-install
46:  owner /boot/{vmlinuz,initrd.img}-* r,
47:  owner /boot/[a-f0-9]*/*/ rw,
48:  owner /boot/[a-f0-9]*/*/{linux,initrd} w,
49:  owner /boot/loader/ rw,
50:  owner /boot/loader/entries/ rw,
51:  owner /boot/loader/entries/*.conf w,

apparmor.d/kglobalacceld
31:  @{PROC}/sys/kernel/random/boot_id r,

apparmor.d/grub-mkrelpath
24:  /boot/ r,
25:  /boot/grub/themes/{,**} r,
27:  /tmp/grub-btrfs.*/@snapshots/@{int}/snapshot/boot/ r,
28:  /tmp/grub-btrfs.*/@/.snapshots/@{int}/snapshot/boot/ r,
29:  /tmp/grub-btrfs.*/@_backup_@{int}/boot/ r,

apparmor.d/boltd
69:  @{sys}/devices/@{pci}/domain@{int}/boot_acl rw,

apparmor.d/fwupd
105:  /boot/{,**} r,
106:  /boot/EFI/*/.goutputstream-@{rand6} rw,
107:  /boot/EFI/*/fw/fwupd-*.cap{,.*} rw,
108:  /boot/EFI/*/fwupdx@{int}.efi rw,

apparmor.d/thunar
133:  deny /boot/{,**} r,

apparmor.d/smplayer
69:  deny       @{PROC}/sys/kernel/random/boot_id r,

apparmor.d/mutter-x11-frames
35:  @{sys}/devices/@{pci}/boot_vga r,

apparmor.d/update-initramfs
50:  owner /boot/ r,
51:  owner /boot/initrd.img-* rw,
52:  owner /boot/initrd.img-*.dpkg-bak rwl -> /boot/initrd.img-*,

apparmor.d/initd-kexec-load
39:  owner /boot/grub/{grub.cfg,grubenv} r,

apparmor.d/pacman-hook-mkinitcpio-remove
27:  /boot/vmlinuz-* rw,
28:  /boot/initramfs-*.img rw,
29:  /boot/initramfs-*-fallback.img rw,

apparmor.d/systemd-id128
18:  @{PROC}/sys/kernel/random/boot_id r,

apparmor.d/gnome-shell
763:  @{sys}/devices/@{pci}/boot_vga r,

home/me/Documents/nvidia-bug-report (copy 1).log
177:[    15.177] Kernel command line: BOOT_IMAGE=/@/boot/vmlinuz-linux root=UUID=b3c0909a-f1e4-4c4d-9d5e-e565472fbd8a rw rootflags=subvol=@ lsm=landlock,lockdown,yama,integrity,apparmor,bpf nowatchdog nvme_load=YES zswap.enabled=0 nvidia_drm.modeset=1 splash quiet splash loglevel=3
1100:[    14.979] Kernel command line: BOOT_IMAGE=/@/boot/vmlinuz-linux root=UUID=b3c0909a-f1e4-4c4d-9d5e-e565472fbd8a rw rootflags=subvol=@ lsm=landlock,lockdown,yama,integrity,apparmor,bpf nowatchdog nvme_load=YES zswap.enabled=0 nvidia_drm.modeset=1 splash quiet splash loglevel=3
12971:[    0.000000] Command line: BOOT_IMAGE=/@/boot/vmlinuz-linux root=UUID=b3c0909a-f1e4-4c4d-9d5e-e565472fbd8a rw rootflags=subvol=@ lsm=landlock,lockdown,yama,integrity,apparmor,bpf nowatchdog nvme_load=YES zswap.enabled=0 nvidia_drm.modeset=1 splash quiet splash loglevel=3
13232:[    0.029286] Kernel command line: BOOT_IMAGE=/@/boot/vmlinuz-linux root=UUID=b3c0909a-f1e4-4c4d-9d5e-e565472fbd8a rw rootflags=subvol=@ lsm=landlock,lockdown,yama,integrity,apparmor,bpf nowatchdog nvme_load=YES zswap.enabled=0 nvidia_drm.modeset=1 splash quiet splash loglevel=3
13233:[    0.029392] Unknown kernel command line parameters "splash splash BOOT_IMAGE=/@/boot/vmlinuz-linux nvme_load=YES", will be passed to user space.
13849:[    1.119400]     BOOT_IMAGE=/@/boot/vmlinuz-linux
15746:BOOT_IMAGE=/@/boot/vmlinuz-linux root=UUID=b3c0909a-f1e4-4c4d-9d5e-e565472fbd8a rw rootflags=subvol=@ lsm=landlock,lockdown,yama,integrity,apparmor,bpf nowatchdog nvme_load=YES zswap.enabled=0 nvidia_drm.modeset=1 splash quiet splash loglevel=3

apparmor.d/kcminit
43:  @{PROC}/sys/kernel/random/boot_id r,

home/me/Documents/compile kernels on buntu
59:ls -l /boot
60:cp /boot/config-4.4.0-040400rc8-generic .config

apparmor.d/kexec
18:  owner /boot/{initrd.img,vmlinuz}-* r,
22:  @{sys}/kernel/boot_params/data r,

apparmor.d/keepassxc
89:        @{PROC}/sys/kernel/random/boot_id r,

apparmor.d/calibre
97:        @{PROC}/sys/kernel/random/boot_id r,

apparmor.d/kmod
51:  owner /boot/System.map-* r,

home/me/Documents/yesterdays forum notes
39:# /boot/grub/grub.cfg.

apparmor.d/mkvtoolnix-gui
61:  deny       @{PROC}/sys/kernel/random/boot_id r,

apparmor.d/needrestart-vmlinuz-get-version
29:  /boot/intel-ucode.img r,
30:  /boot/vmlinuz* r,

apparmor.d/grub-script-check
16:  /boot/grub/grub* rw,

apparmor.d/sbctl
27:  @{lib}/systemd/boot/efi/systemd-boot*.efi.signed rw,

apparmor.d/packagekitd
104:  /boot/** rwl -> /boot/**,

apparmor.d/kioworker
69:  deny /boot/{,**} r,

apparmor.d/ioping
38:  /boot/**  r,

apparmor.d/hyprland
58:  @{sys}/devices/@{pci}/boot_vga r,

home/me/Documents/privatemessages-1fallen-April 20th, 2024.txt
227:bpool                                              370M  1.39G    96K  /boot
229:bpool/BOOT/ubuntu_2wtpxc                           369M  1.39G   369M  /boot

apparmor.d/mkinitramfs
87:        /boot/ r,
88:  owner /boot/config-* r,
89:  owner /boot/initrd.img-*.new rw,

apparmor.d/networkctl
85:        @{PROC}/sys/kernel/random/boot_id r,

apparmor.d/smtube
61:  deny       @{PROC}/sys/kernel/random/boot_id r,

home/me/Documents/kernels on my system
14:└─> sudo find /boot/ -iname "vmlinuz*"
16:/boot/vmlinuz
17:/boot/vmlinuz-6.8.0-31-generic
18:/boot/vmlinuz.old
19:/boot/vmlinuz-6.10.0-15-generic

apparmor.d/btrfs
28:  /boot/ r,
29:  /boot/**/ r,

apparmor.d/mumble
57:  deny       @{PROC}/sys/kernel/random/boot_id r,

apparmor.d/sbin.klogd
24:  /boot/System.map*     r,
30:  /var/log/boot.msg     rwl,

apparmor.d/pacman
58:  @{bin}/bootctl                     rpx,
119:  /boot/** rwl -> /boot/**,

home/me/Documents/yesterdays forum notes (copy 1)
39:# /boot/grub/grub.cfg.

apparmor.d/quiterss
52:        @{PROC}/sys/kernel/random/boot_id r,

apparmor.d/nautilus.apparmor.d
199:  deny /boot/{,**} r,

apparmor.d/gpartedbin
95:    mount /dev/{s,v}d[a-z]*@{int} -> /boot/,
111:    umount /boot/,

apparmor.d/fstrim
25:  /boot/ r,
26:  /boot/efi/ r,

home/me/Documents/privatemessages-1fallen-April 20th, 2024 (copy 1).txt
227:bpool                                              370M  1.39G    96K  /boot
229:bpool/BOOT/ubuntu_2wtpxc                           369M  1.39G   369M  /boot

apparmor.d/gdm
148:  @{sys}/devices/@{pci}/boot_vga r,

apparmor.d/snapd
135:  /boot/ r,
136:  /boot/grub/grubenv r,

home/me/Documents/nvidia-bug-report.log
177:[    15.177] Kernel command line: BOOT_IMAGE=/@/boot/vmlinuz-linux root=UUID=b3c0909a-f1e4-4c4d-9d5e-e565472fbd8a rw rootflags=subvol=@ lsm=landlock,lockdown,yama,integrity,apparmor,bpf nowatchdog nvme_load=YES zswap.enabled=0 nvidia_drm.modeset=1 splash quiet splash loglevel=3
1100:[    14.979] Kernel command line: BOOT_IMAGE=/@/boot/vmlinuz-linux root=UUID=b3c0909a-f1e4-4c4d-9d5e-e565472fbd8a rw rootflags=subvol=@ lsm=landlock,lockdown,yama,integrity,apparmor,bpf nowatchdog nvme_load=YES zswap.enabled=0 nvidia_drm.modeset=1 splash quiet splash loglevel=3
12971:[    0.000000] Command line: BOOT_IMAGE=/@/boot/vmlinuz-linux root=UUID=b3c0909a-f1e4-4c4d-9d5e-e565472fbd8a rw rootflags=subvol=@ lsm=landlock,lockdown,yama,integrity,apparmor,bpf nowatchdog nvme_load=YES zswap.enabled=0 nvidia_drm.modeset=1 splash quiet splash loglevel=3
13232:[    0.029286] Kernel command line: BOOT_IMAGE=/@/boot/vmlinuz-linux root=UUID=b3c0909a-f1e4-4c4d-9d5e-e565472fbd8a rw rootflags=subvol=@ lsm=landlock,lockdown,yama,integrity,apparmor,bpf nowatchdog nvme_load=YES zswap.enabled=0 nvidia_drm.modeset=1 splash quiet splash loglevel=3
13233:[    0.029392] Unknown kernel command line parameters "splash splash BOOT_IMAGE=/@/boot/vmlinuz-linux nvme_load=YES", will be passed to user space.
13849:[    1.119400]     BOOT_IMAGE=/@/boot/vmlinuz-linux
15746:BOOT_IMAGE=/@/boot/vmlinuz-linux root=UUID=b3c0909a-f1e4-4c4d-9d5e-e565472fbd8a rw rootflags=subvol=@ lsm=landlock,lockdown,yama,integrity,apparmor,bpf nowatchdog nvme_load=YES zswap.enabled=0 nvidia_drm.modeset=1 splash quiet splash loglevel=3

apparmor.d/vidcutter
63:  deny       @{PROC}/sys/kernel/random/boot_id r,

apparmor.d/udisksd
52:  mount fstype=vfat -> /boot/efi/,
62:  umount /boot/efi/,

apparmor.d/grub-editenv
16:  /boot/grub/grubenv rw,

home/me/Documents/manual partitions (copy 1)
26:  sgdisk --new=2:0:+${SZ_EFI}  --typecode=0:ef00 --change-name=0:EFI-SP $DEV  # for /boot/efi
27:  sgdisk --new=3:0:+${SZ_BOOT} --typecode=0:8300 --change-name=0:boot   $DEV  # for /boot
48:  mkfs -t vfat ${DEV}2  # /boot/efi
49:  mkfs -t ext2 ${DEV}3  # /boot
95:├─nvme0n1p2                      part  vfat                 50M   43.9M    12%             /boot/efi
96:├─nvme0n1p3                      part  ext4                700M  339.8M    42%             /boot

apparmor.d/needrestart-iucode-scan-versions
27:  /boot/intel-ucode.img r,
28:  /boot/early_ucode.cpio r,

home/me/Documents/Grub menuentry cli
1:sudo awk -F\' '$1=="menuentry " || $1=="submenu " {print i++ " : " $2}; /\smenuentry / {print "\t" i-1">"j++ " : " $2};' /boot/grub/grub.cfg

apparmor.d/linux-version
18:  /boot/ r,

home/me/Documents/manual partitions
26:  sgdisk --new=2:0:+${SZ_EFI}  --typecode=0:ef00 --change-name=0:EFI-SP $DEV  # for /boot/efi
27:  sgdisk --new=3:0:+${SZ_BOOT} --typecode=0:8300 --change-name=0:boot   $DEV  # for /boot
48:  mkfs -t vfat ${DEV}2  # /boot/efi
49:  mkfs -t ext2 ${DEV}3  # /boot
95:├─nvme0n1p2                      part  vfat                 50M   43.9M    12%             /boot/efi
96:├─nvme0n1p3                      part  ext4                700M  339.8M    42%             /boot

home/me/Documents/system-info.txt
445:/dev/sdb2      ext4      2.0G  348M  1.5G  20% /boot
446:/dev/sdb1      vfat      511M  1.4M  510M   1% /boot/efi
547:|_sdb1        512M vfat                   /boot/efi                 
548:|_sdb2          2G ext4                   /boot                     
603:UUID=18F7-D7E0                            /boot/efi      vfat    defaults,umask=0077 0 2
604:UUID=7f7aff3e-628e-42e8-ae06-cfa7d9200cb4 /boot          ext4    defaults,noatime,commit=60 0 2
608:/dev/sdb1 on /boot/efi type vfat (rw,relatime,fmask=0077,dmask=0077,codepage=437,iocharset=ascii,shortname=mixed,utf8,errors=remount-ro)
609:/dev/sdb2 on /boot type ext4 (rw,noatime,commit=60)
614:from: (STABLE) https://launchpad.net/~yannubuntu/+archive/ubuntu/boot-repair 

apparmor.d/updatedb-mlocate
27:  /boot/ r,
28:  /boot/**/ r,

apparmor.d/aa-log
42:    @{PROC}/sys/kernel/random/boot_id r,

apparmor.d/fsck
29:  /boot/ r,

apparmor.d/labwc
38:  @{sys}/devices/@{pci}/boot_vga r,

apparmor.d/pacdiff
41:  /boot/{,**} r,

apparmor.d/dlocate
58:    /boot/** r,

apparmor.d/gpu-manager
30:  @{sys}/devices/@{pci}/boot_vga r,

apparmor.d/abstractions/kde-open5
95:  @{PROC}/sys/kernel/random/boot_id r,

apparmor.d/abstractions/nss-systemd
29:  @{PROC}/sys/kernel/random/boot_id r,

apparmor.d/abstractions/app/systemctl
28:          @{PROC}/sys/kernel/random/boot_id r,

apparmor.d/abstractions/app/udevadm
23:        @{PROC}/sys/kernel/random/boot_id r,

apparmor.d/abstractions/app/chromium
178:  @{sys}/devices/@{pci}/boot_vga r,

apparmor.d/abstractions/common/systemd
19:        @{PROC}/sys/kernel/random/boot_id r,

apparmor.d/abstractions/common/game
78:  @{sys}/devices/@{pci}/boot_vga r,

[/details]

It’s in the Repos

fd
fd is a program to find entries in your filesystem, which is an alternative to the ever-famous find command. The developer mentions:

While it does not aim to support all of find’s powerful functionality, it provides sensible (opinionated) defaults for a majority of use cases.
I’m on the fence for this one:

fdfind Pictures
Pictures/
home/me/Pictures/

Procs
Procs is a modern replacement for the ps command, written in Rust.

It provides a colored, human-readable output with automatic theme detection based on the terminal background. It is also available for all major platforms, Linux, Mac, and Windows.

 PID:▲ User                │ TTY  CPU MEM CPU Time │ Command                   >
                           │      [%] [%]          │                           >
 1     root                │      0.0 0.1 00:00:03 │ /sbin/init noplymouth     >
 2     root                │      0.0 0.0 00:00:00 │ [kthreadd]                >
 3     root                │      0.0 0.0 00:00:00 │ [pool_workqueue_release]  >
 4     root                │      0.0 0.0 00:00:00 │ [kworker/R-rcu_gp]        >
 5     root                │      0.0 0.0 00:00:00 │ [kworker/R-sync_wq]       >
 6     root                │      0.0 0.0 00:00:00 │ [kworker/R-kvfree_rcu_recl>
 7     root                │      0.0 0.0 00:00:00 │ [kworker/R-slub_flushwq]  >
 8     root                │      0.0 0.0 00:00:00 │ [kworker/R-netns]         >
 11    root                │      0.0 0.0 00:00:00 │ [kworker/0:0H-events_highp>
 13    root                │      0.0 0.0 00:00:00 │ [kworker/R-mm_percpu_wq]  >
 14    root                │      0.0 0.0 00:00:00 │ [rcu_tasks_kthread]       >
 15    root                │      0.0 0.0 00:00:00 │ [rcu_tasks_rude_kthread]  >
 16    root                │      0.0 0.0 00:00:00 │ [rcu_tasks_trace_kthread] >
 17    root                │      0.0 0.0 00:00:00 │ [ksoftirqd/0]             >
 18    root                │      0.0 0.0 00:00:02 │ [rcu_preempt]             >
 19    root                │      0.0 0.0 00:00:00 │ [rcu_exp_par_gp_kthread_wo>
 20    root                │      0.0 0.0 00:00:00 │ [rcu_exp_gp_kthread_worker>
 21    root                │      0.0 0.0 00:00:00 │ [migration/0]             >
 22    root                │      0.0 0.0 00:00:00 │ [idle_inject/0]           >
 23    root                │      0.0 0.0 00:00:00 │ [cpuhp/0]                 >
 24    root                │      0.0 0.0 00:00:00 │ [cpuhp/2]                 >
:

At this time it is available as a snap package, so I installed it through cargo

Bottom
Bottom is a customizable cross-platform graphical process/system monitor inspired by tools like htop, gtop, etc.

One of the main highlights of this system monitor tool is the availability of graphical visualization widgets for CPU usage, RAM usage, etc.

I’m still fond of Btop

Zoxide
You should be aware of the cd command used to move into various directories. While cd is plenty good, Zoxide is kind of a smarter cd. Zoxide can remember the directories you use most frequently, so you can “jump” to them in just a few keystrokes.

This helps to boost your productivity, and more importantly, it is available for all significant shells out there.

Third-party integrations for Vim, Emacs, Ranger file manager, ZSH-Autocomplete, etc.
Optional interactive selection using fzf command-line fuzzy finder
Works on all major shells.

z Downloads
┌───────────────────>
│~/Downloads 
└─> z Downloads && ls
zoxide: you are already in the only match
┌───────────────────>
│~/Downloads 
└─> z example
zoxide: no match found
┌───────────────────>
│~/Downloads 
└─> z

There are more out there, but this gives a good start for rust written Apps!

Where/how do I find batcat? in Ubuntu 25.10?

Ripgrep and fd are two of the first things I always install! (And then I make an alias for fd since the command with the repo package is fdfind.)