Re: AppArmor about to be merged into the kernel?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Mar 22, 2010 at 1:24 AM, Don Quixote de la Mancha <quixote@xxxxxxxxxxxxxxxx> wrote:
Perhaps someone could post a brief note that compares and contrasts
SELinux with AppArmor.

I am getting ready to set up SELinux on a server, but haven't actually
started yet.  My first step would be to purchase a good technical book
on SELinux, as what little experience I already have with SELinux
suggests that it is not for the faint of heart.

Would I be better off using AppArmor instead?

I don't think so.
 
 Or could the two of
them be used in combination?

I don't think so.

Suse uses AppArmor without kernel integration and I'm not sure what support they offer for the project. They bought AppArmor and later licensed everybody except maybe 2 developers (not sure).

Anyways, Novell is pretty much a living dead. Its Novell business is, of course, dead and Suse still lives because it's on a live support line from Microsoft.

Some people say they're not not idealist and they'll go with whoever gives them an edge. 1st, my not sure what kind of an edge Suse offers. Then, in such cases, what usually happens, is a deeper layer of reality creeps out to the edge that first sight "realists" are standing on :)

Mandriva, uses some components of AppArmor, but what exactly is very unclear.

Now, John Johansen, who used to develop for Suse seems to be working for Canonical. The road to inclusion in the kernel seems to have been bumpy:

http://thread.gmane.org/gmane.linux.kernel.lsm/10443/focus=10456

Maybe Canonical will finally do something with AppArmor. The attitude of Torvalds and Molnar seems to be to give the runner a chance. (French _expression_. Not sure what the English equivalent is. Hum... Wait and see, maybe.) But whether this will work perfectly in Ubuntu 10.4 raises a big question mark.

I wouldn't think you're losing your time with SELinux and a Red Hat product or derivative. (Of course, you're aware that if I thought Red Hat was doing a sloppy job with its server product, I wouldn't wrap my answer in 3 layers of fancy papers :)

I never had problems with SELinux. As I said, for a few weeks, I had the abrt red hat flashing often but, geeky as I am, I'm not sure that it was SELInux related. It's back to normal. It now flashes only if I remove my flash drive without unmounting. On a server, YMMV, but I'd first consult Red Hat documentation, then, http://oreilly.com/  10 days Free Safari trial offer, before going on a book buy out spree.

The 2¢ of a non-geek.

Anyways, did Quixote ever run away from challenges :)
-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux