Re: AppArmor about to be merged into the kernel?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Mar 22, 2010 at 1:24 AM, Don Quixote de la Mancha <quixote@xxxxxxxxxxxxxxxx> wrote:
Perhaps someone could post a brief note that compares and contrasts
SELinux with AppArmor.

I am getting ready to set up SELinux on a server, but haven't actually
started yet.  My first step would be to purchase a good technical book
on SELinux, as what little experience I already have with SELinux
suggests that it is not for the faint of heart.

Would I be better off using AppArmor instead?

I don't think so.
 
 Or could the two of
them be used in combination?

I don't think so.

Suse uses AppArmor without kernel integration and I'm not sure what support they offer for the project. They bought AppArmor and later licensed everybody except maybe 2 developers (not sure).

Anyways, Novell is pretty much a living dead. Its Novell business is, of course, dead and Suse still lives because it's on a live support line from Microsoft.

Some people say they're not not idealist and they'll go with whoever gives them an edge. 1st, my not sure what kind of an edge Suse offers. Then, in such cases, what usually happens, is a deeper layer of reality creeps out to the edge that first sight "realists" are standing on :)

Mandriva, uses some components of AppArmor, but what exactly is very unclear.

Now, John Johansen, who used to develop for Suse seems to be working for Canonical. The road to inclusion in the kernel seems to have been bumpy:

http://thread.gmane.org/gmane.linux.kernel.lsm/10443/focus=10456

Maybe Canonical will finally do something with AppArmor. The attitude of Torvalds and Molnar seems to be to give the runner a chance. (French _expression_. Not sure what the English equivalent is. Hum... Wait and see, maybe.) But whether this will work perfectly in Ubuntu 10.4 raises a big question mark.

I wouldn't think you're losing your time with SELinux and a Red Hat product or derivative. (Of course, you're aware that if I thought Red Hat was doing a sloppy job with its server product, I wouldn't wrap my answer in 3 layers of fancy papers :)

I never had problems with SELinux. As I said, for a few weeks, I had the abrt red hat flashing often but, geeky as I am, I'm not sure that it was SELInux related. It's back to normal. It now flashes only if I remove my flash drive without unmounting. On a server, YMMV, but I'd first consult Red Hat documentation, then, http://oreilly.com/  10 days Free Safari trial offer, before going on a book buy out spree.

The 2¢ of a non-geek.

Anyways, did Quixote ever run away from challenges :)
-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux