On Sun, 26 Aug 2007 22:34:13 +0100 Alan Cox <alan@xxxxxxxxxxxxxxxxxxx> wrote: > Fedora follows upstream. Upstream for now has rejected AppArmor for a > variety of very sound technical reasons. in part to do with whether its > actually secure, or even possibly to build a proper security model with > it. Yea, I remember at work someone genned a suse system and forgot to disable AppArmor. I forget which program it was, but some totally innocuous utility like "date" or "uname" or something wouldn't run because AppArmor was configured to call it dangerous for some reason. The truly wonderful part was that if you made a copy of the executable under a different name, it worked fine, it was only the installed one that AppArmor was helpfully protecting you from. I'm not sure what security model that corresponds to, the word "lame" comes to mind however :-).
