Re: AppArmor FAQ

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, 18 Apr 2007, David Lang wrote:

> SELinux is designed to be able to make the box safe against root, AA is
> designed to let the admin harden exposed apps without having to think about
> the other things on the system.

This is not correct.

SELinux was designed as an access control framework which allows various 
security models to be composed in a controlled and consistent manner, 
covering all security-relevant interactions in the system.

The type enforcement model included with it provides a means to address 
both integrity and confidentiality requirements.  It _can_ protect you 
against root, if that's what you want (in fact, the Russell Coker "play 
box" was online for many years with a published root password), but it 
does not have to.

Indeed, since Fedora Core 3, the default SELinux policy has been 
"targeted", which is aimed at confining exposed applications.



- James
-- 
James Morris
<jmorris@xxxxxxxxx>
-
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[Index of Archives]     [Linux Ext4 Filesystem]     [Union Filesystem]     [Filesystem Testing]     [Ceph Users]     [Ecryptfs]     [AutoFS]     [Kernel Newbies]     [Share Photos]     [Security]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux Cachefs]     [Reiser Filesystem]     [Linux RAID]     [Samba]     [Device Mapper]     [CEPH Development]
  Powered by Linux