david@xxxxxxx wrote: > On Fri, 8 Jun 2007, Greg KH wrote: >> I still want to see a definition of the AA "model" that we can then use >> to try to implement using whatever solution works best. As that seems >> to be missing the current argument of if AA can or can not be >> implemented using SELinux or something totally different should be >> stopped. > the way I would describe the difference betwen AA and SELinux is: > > SELinux is like a default allow IPS system, you have to describe > EVERYTHING to the system so that it knows what to allow and what to stop. > > AA is like a default deny firewall, you describe what you want to > happen, and it blocks everything else without you even having to > realize that it's there. That's not quite right: * SELinux Strict Policy is a default-deny system: it specifies everything that is permitted system wide, and all else is denied. * AA and the SELinux Targeted Policy are hybrid systems: o default-deny within a policy or profile: confined processes are only permitted to do what the policy says, and all else is denied. o default-allow system wide: unconfined processes are allowed to do anything that classic DAC permissions allow. Crispin -- Crispin Cowan, Ph.D. http://crispincowan.com/~crispin/ Director of Software Engineering http://novell.com AppArmor Chat: irc.oftc.net/#apparmor - To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html