Alan Cox wrote:
On Tue, Mar 14, 2006 at 03:24:45PM +0100, Dennis Jacobfeuerborn wrote:
complex solutions. AppArmor looks more attractive to me because while it
may not be perfect at least it's usable and easily understandable compared
to selinuxes black wizardry.
Lots of things can look pretty but it doesn't mean they actually solve the
fundamental problems. SELinux uses more complex ideas like roles because in
the 1960s people working on this stuff realised the simple model actually
doesn't work.
I understand that but if this system that "solves the fundamental problems"
is so complex that most people just turn it off then the gain in security
you get is pretty much theoretical. Security isn't an all-or-nothing thing
and right now there seems to be chasm between the very basic traditional
Unix model and the very secure but extremely complex SELinux. It looks like
AppArmor fits in quite well between these two extremes.
Regards,
Dennis
--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
