No more selinux-policy-*-sources

Dennis Jacobfeuerborn d.jacobfeuerborn at conversis.de
Tue Mar 14 15:52:54 UTC 2006


Alan Cox wrote:
> On Tue, Mar 14, 2006 at 03:24:45PM +0100, Dennis Jacobfeuerborn wrote:
>> complex solutions. AppArmor looks more attractive to me because while it 
>> may not be perfect at least it's usable and easily understandable compared 
>> to SELinux's black wizardry.
> 
> Lots of things can look pretty but it doesn't mean they actually solve the
> fundamental problems. SELinux uses more complex ideas like roles because in
> the 1960s people working on this stuff realised the simple model actually
> doesn't work.


I understand that but if this system that "solves the fundamental problems" 
is so complex that most people just turn it off then the gain in security 
you get is pretty much theoretical. Security isn't an all-or-nothing thing 
and right now there seems to be a chasm between the very basic traditional 
Unix model and the very secure but extremely complex SELinux. It looks like 
AppArmor fits in quite well between these two extremes.

Regards,
   Dennis
