Re: AppArmor FAQ

On Tue, 17 Apr 2007, David Wagner wrote:

> Maybe you'd like to confine the PHP interpreter to limit what it can do.
> That might be a good application for something like AppArmor.  You don't
> need comprehensive information flow control for that kind of use, and
> it would likely just get in the way.

SELinux can do this, it's policy-flexible.  You can even simulate a 
pathname-based policy language with a consequential loss of control:

http://seedit.sourceforge.net/

> might well use AppArmor.  They solve different problems and have different
> tradeoffs.  There is room for more than one security tool in the world.

That is not the point of this discussion, although we can at least be 
thankful that Linus didn't request that the networking layer be pluggable 
to the extent that the security layer is, otherwise we'd have a menagerie 
of "better" TCP stacks, TOE frameworks, STREAMS modules and whatever other 
fantastic ideas that people might be inclined to drag out of the kitchen 
sink.


- James
-- 
James Morris
<[email protected]>