On Fri, Feb 29, 2008 at 9:48 AM, Thompson Freeman <tfreeman@xxxxxxxxxxxxxxxxxx> wrote:
I used Open SuSe for awhile and i wasn't impressed by AppArmor. I switched to fedora largely because i wanted to learn the in's and out's of SELinux. I expected alot of trouble out of it but haven't had more than a peep or two. I run it on three machines of my own( Fedora 8) now and i have installed it for two people who don't care what OS they have and they haven't had any issues to date with their standard desktop configs. Granted they are not power users or anything but personally i think its ready for everyone to have because the odds are they won't notice it . People who use unusual configurations or are power users may run into an issue but i would expect a power user to be able to troubleshoot it without much difficulty. All my trouble has been caused by my own tinkering with this or that but all of it has been easily resolved. Perhaps I'm the exception??
Max
AFAIK, Ubuntu is applying Apparmour(sp??), not selinux.On 02/29/2008 09:32:06 AM, Patrick O'Callaghan wrote:
> On Fri, 2008-02-29 at 08:41 +0000, klybear wrote:
> > On Thu, 28 Feb 2008 09:31:05 +0900, John Summerfield
> wrote:
> >
> > > The only penetrations I've seen arrived by ssh. I
> don't think selinux
> > > would have helped there; the sorts of restrictions I
> can think of would
> > > also prevent the user from doing what users ought be
> able to do such as
> > > download stuff (including email), sending email and so
> forth.
> >
> > I'm new full time linux user, having temped with one or
> two distros in
> > the past, and I have to say that my experience of
> selinux has been
> > frustrating. I never had any Selinux issues with Ubuntu
> or Debian, but
> > since using Fedora, three of the four problems I've
> solved so far turned
> > out to be related selinux permissions and the fourth one
> I'm still
> > working on :)
>
> AFAIK Selinux is disabled by default in Ubuntu and Debian.
> Note that you
> can also disable it (or limit it to warnings) in Fedora.
IMHO apparmour has some security value but not a whole lot
due to a more limited coverage. YMMV of course, and I'm
making no warrentee or anything else here.
I used Open SuSe for awhile and i wasn't impressed by AppArmor. I switched to fedora largely because i wanted to learn the in's and out's of SELinux. I expected alot of trouble out of it but haven't had more than a peep or two. I run it on three machines of my own( Fedora 8) now and i have installed it for two people who don't care what OS they have and they haven't had any issues to date with their standard desktop configs. Granted they are not power users or anything but personally i think its ready for everyone to have because the odds are they won't notice it . People who use unusual configurations or are power users may run into an issue but i would expect a power user to be able to troubleshoot it without much difficulty. All my trouble has been caused by my own tinkering with this or that but all of it has been easily resolved. Perhaps I'm the exception??
Max