Quoting Alan Cox ([email protected]): > Thus this sort of stuff needs to be taken seriously. Can SuSE provide a > good reliable policy for AppArmour to people, can Red Hat do the same > with SELinux ? That's a little more than half the question. The other 40% is can users write good policies. I think it will, and already has, become easier for selinux. But in this case I wonder whether some sort of contest could be beneficial. We all know of Russel Coker's open root selinux play machines. That's a powerful statement. Things I'd like to see in addition are a. a similar setup with apparmour b. a similar setup where "mere mortals" set up the selinux policy For the first few rounds, rather than judge one way or the other, we could hopefully publish the results in a way to encourage a flurry of selinux policy tools - one of which may actually be useful. Given that AA is a 'targeted' type of setup, I guess it would need to have a strict sshd policy, and the game would be whether the policy can keep anyone with the root password from escaping the policy. > Note I don't care about whether apparmour is integrated. If the code is > good and it can be shown it works then fine. thanks, -serge - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
- Follow-Ups:
- Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)
- From: Stephen Smalley <[email protected]>
- Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)
- From: David Lang <[email protected]>
- Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)
- From: Alan Cox <[email protected]>
- Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)
- References:
- Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)
- From: Crispin Cowan <[email protected]>
- Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)
- From: [email protected]
- Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)
- From: "Ken Brush" <[email protected]>
- Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)
- From: [email protected]
- Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)
- From: "Ken Brush" <[email protected]>
- Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)
- From: [email protected]
- Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)
- From: Lars Marowsky-Bree <[email protected]>
- Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)
- From: Alan Cox <[email protected]>
- Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)
- From: "Serge E. Hallyn" <[email protected]>
- Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)
- From: Alan Cox <[email protected]>
- Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)
- Prev by Date: RE: Problems with EDAC coexisting with BIOS
- Next by Date: Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)
- Previous by thread: Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)
- Next by thread: Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)
- Index(es):
 |