Re: AppArmor for Fedora

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sun, Aug 26, 2007 at 15:43:02 -0500,
  Les Mikesell <lesmikesell@xxxxxxxxx> wrote:
> Tony Nelson wrote:
> >At 3:02 PM -0500 8/26/07, Javier Perez wrote:
> >
> >>Is anybody working to port AppArmor to Fedora?
> >>It does similar work like SELINUX but it is supposed to be user frendlier.
> >>Where do I ask the powers that be to include it?
> > ...
> >
> >No.  Will never ever happen.  Fedora has SELinux, much more powerful, much
> >more secure.
> 
> ...if managed by one of the dozen or so experts that understand it.

You don't have to understand much of SELinux to make use of it. The targeted
policy works pretty well. The GUI interface for setting booleans isn't
hard to use. 

If you install third party binaries that don't protect memory regions the way
it is done in Fedora by default or if you run a web server you may need to use
the chcon command to label some files to allow for elevated access.

You can also use audit2allow to work around denials that shouldn't happen,
but those should really get reported as bugs.

Also coming in F8 is a way to have restricted accounts with restrictions
enforced by SELinux policy. This makes it much safer to give out guest
accounts on machines.

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux