On Mon, Jun 17, 2019 at 4:03 AM Ondrej Mosnacek <omosnace@xxxxxxxxxx> wrote: > > On Thu, Jun 13, 2019 at 1:59 PM Jason Long <hack3rcon@xxxxxxxxx> wrote: > > Thanks, but I meant was can AppArmor cause no Linux distro use SELinux anymore and use AppArmor instead of SELinux? > > Why would you want to do that? What benefit would it bring to Fedora? > To be blunt, the poor adoption of SELinux in other distros is largely because the reference SELinux policy maintained by Tresys doesn't work at all. I wish Red Hat SELinux engineers would reach out to other distros and help them transition to our SELinux policy implementation[1], because it actually _works_. For example, SUSE supports SELinux and AppArmor, but the selinux-policy package they have is based on refpolicy, which is horribly broken. Someone should work with them to migrate to the fedora-selinux policy. In Debian, they've been so paralyzed about how to do security in the first place, they did nothing for over a decade. They have a hard time making any kind of decision. Ubuntu had an SELinux expert over a decade ago, but he moved to Google and wrote the SELinux policies for Chrome OS and Android, as both use SELinux. If Red Hat were to help other distros support SELinux using our policy and our enhanced tools, then the community around SELinux would be much stronger and there'd be much more usage and upstream support for it due to the higher exposure. [1]: https://github.com/fedora-selinux/selinux-policy -- 真実はいつも一つ!/ Always, there's only one truth! _______________________________________________ selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/selinux@xxxxxxxxxxxxxxxxxxxxxxx
