Hi! > >> Average users are not supposed to be writing security policy. To be > >> honest, even average-level system administrators should not be > >> writing security policy. > That explains so much! "SELinux: you're too dumb to use it, so just keep > your hands in your pockets." :-) > > AppArmor was designed to allow your average sys admin to write a > security policy. It makes different design choices than SELinux to > achieve that goal. As a result, AppArmor is an utter failure when > compared to SELinux's goals, and SELinux in turn is an utter failure > when compared to AppArmor's goals. I'd not be that sure. SELinux can read AA config files, with some performance problems and bad problems with new files. I bet solving the 'new files' problem is not going to take 20% of AA's size... Pavel -- (english) http://www.livejournal.com/~pavelmachek (cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html - To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html