Adrian Bunk <bunk@xxxxxxxxx> writes: > On Tue, Jun 26, 2007 at 07:47:00PM -0700, Andrew Morton wrote: >> On Tue, 26 Jun 2007 19:24:03 -0700 John Johansen <jjohansen@xxxxxxx> wrote: >> >> > > >> > > so... where do we stand with this? Fundamental, irreconcilable >> > > differences over the use of pathname-based security? >> > > >> > There certainly seems to be some differences of opinion over the use >> > of pathname-based-security. >> >> I was refreshed to have not been cc'ed on a lkml thread for once. I guess >> it couldn't last. >> >> Do you agree with the "irreconcilable" part? I think I do. >> >> I suspect that we're at the stage of having to decide between >> >> a) set aside the technical issues and grudgingly merge this stuff as a >> service to Suse and to their users (both of which entities are very >> important to us) and leave it all as an object lesson in >> how-not-to-develop-kernel-features. >> >> Minimisation of the impact on the rest of the kernel is of course >> very important here. >> >> versus >> >> b) leave it out and require that Suse wear the permanent cost and >> quality impact of maintaining it out-of-tree. It will still be an >> object lesson in how-not-to-develop-kernel-features. >>... > > versus > > c) if [1] AppArmor is considered to be something that wouldn't > be merged if it wasn't already widely deployed by Suse: leave it out, > work on an ideal solution [2], and let Suse wear the one-time cost > of migrating their users to the ideal solution > > One important point is that if AppArmor gets merged there will be much > more distribution support for it, and many people on !Suse will start > using it. > > I'm not claiming to understand the technical details, but from both > slightly reading over the previous discussions and the "What are the > advantages of AppArmor over SELinux?" section in the AppArmor FAQ [3] my > impression is that a main advantage of AppArmor are more user friendly > userspace tools. Therefore, if [1] AppArmor is considered technically > inferior to SELinux, it might still become more popular than SELinux > simply because it's easier to use - and although it's technically > inferior. A couple of random thoughts to mix up this discussion.
