On Wed, Jun 12, 2019 at 7:42 PM Zygmunt Krynicki <me(a)zygoon.pl> wrote:
On 10 Jun 2019, at 10:00, Lukas Vrabec <lvrabec(a)redhat.com> wrote:
It's not really easy to have SELinux enabled together with AppArmor on
one system.
This is not quite true anymore, the kernel now has LSM stacking so you can run apparmor
underneath selinux or, I believe, the other way around. You can look at
https://lwn.net/Articles/785390/ for a starting point for more information.
AppArmor is not supported on Fedora.
Perhaps it should be supported in this model?
The more accurate statement would be "AppArmor cannot be supported in
Fedora without someone to take responsibility for it".
I still am not sure major LSM stacking is a good idea, but if someone
wants to try, they could start a Fedora AppArmor project to make it a
reality.
--
真実はいつも一つ!/ Always, there's only one truth!