Jeff Spaleta wrote:
On 3/14/06, Dennis Jacobfeuerborn <d.jacobfeuerborn@xxxxxxxxxxxx> wrote:
I've taken a look at AppArmor and it looks like a much more incremental
and easier to use solution than selinux. It's not as powerful but all this
power doesn't help much if most people will turn off selinux anyway because
it gets in the way. Has anyone heard of any efforts trying to port it over
to Fedora?
My understanding is that it still requires kernel patches which are
not in the mainline kernel yet. If you want to use it.. you'll have to
use a patched kernel. Snowball's chance in hell the Fedora kernels are
going to include apparmor specific patches that should be going into
mainline kernel for everyone to use. You want to see it ported and
see it available in Fedora Extras... then go chew the novell
developers ears off about getting the required kernel patches into the
mainline kernel. Please go read up in the lkml archives about
Immunix's SubDomain (newly renamed as Novell AppArmor) to gain insight
on where in the process things are to get Immunix's..err i mean
Novell's kernel patches into the mainline kernel.
Maybe I should have chosen my wording more carefully. When I said "port it
over to Fedora" I meant to ask if someone is providing the necessary
packages to run AppArmor on Fedora. It looks like an interesting technology
to me but to determine if it's really useful I'd first have to actually
test it and such packages would help doing that. I'm very aware that any
sort of official inclusion into Fedora is quite unlikely even in the
midterm future.
Regards,
Dennis
--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
