AppArmor about to be merged into the kernel?
Tom Horsley
horsley1953 at gmail.com
Mon Mar 22 09:47:36 UTC 2010
On Sun, 21 Mar 2010 22:24:08 -0700
Don Quixote de la Mancha wrote:
> Perhaps someone could post a brief note that compares and contrasts
> SELinux with AppArmor.
The one thing I remember about AppArmor was that all the
pointless security restrictions were tied to a specific
executable, and if AppArmor was preventing you from running
some program, all you had to do was make a copy of
it, then you could run the copy without a peep from
AppArmor. This happened to us at work when trying to
do a build on a suse system. I wish I could remember
what program it was (it was not anything setuid, just some
innocuous utility that someone at suse thought should
be restricted for some reason).
More information about the users
mailing list