AppArmor about to be merged into the kernel?

Marcel Rieux m.z.rieux at gmail.com
Mon Mar 22 22:36:28 UTC 2010


On Mon, Mar 22, 2010 at 1:24 AM, Don Quixote de la Mancha <quixote at dulcineatech.com> wrote:

> Perhaps someone could post a brief note that compares and contrasts
> SELinux with AppArmor.
>
> I am getting ready to set up SELinux on a server, but haven't actually
> started yet.  My first step would be to purchase a good technical book
> on SELinux, as what little experience I already have with SELinux
> suggests that it is not for the faint of heart.
>
> Would I be better off using AppArmor instead?


I don't think so.


>  Or could the two of
> them be used in combination?
>

I don't think so.

Suse uses AppArmor without kernel integration and I'm not sure what support
they offer for the project. They bought AppArmor and later licensed
everybody except maybe 2 developers (not sure).

Anyways, Novell is pretty much a living dead. Its Novell business is, of
course, dead and Suse still lives because it's on a live support line from
Microsoft.

Some people say they're not idealists and they'll go with whoever gives
them an edge. 1st, I'm not sure what kind of an edge Suse offers. Then, in
such cases, what usually happens is a deeper layer of reality creeps out to
the edge that first sight "realists" are standing on :)

Mandriva uses some components of AppArmor, but what exactly is very
unclear.

Now, John Johansen, who used to develop for Suse, seems to be working for
Canonical. The road to inclusion in the kernel seems to have been bumpy:

http://thread.gmane.org/gmane.linux.kernel.lsm/10443/focus=10456

Maybe Canonical will finally do something with AppArmor. The attitude of
Torvalds and Molnar seems to be to give the runner a chance. (French
expression. Not sure what the English equivalent is. Hum... Wait and see,
maybe.) But whether this will work perfectly in Ubuntu 10.4 raises a big
question mark.

I wouldn't think you're losing your time with SELinux and a Red Hat product
or derivative. (Of course, you're aware that if I thought Red Hat was doing
a sloppy job with its server product, I wouldn't wrap my answer in 3 layers
of fancy papers :)

I never had problems with SELinux. As I said, for a few weeks, I had the
abrt red hat flashing often but, geeky as I am, I'm not sure that it was
SELinux related. It's back to normal. It now flashes only if I remove my
flash drive without unmounting. On a server, YMMV, but I'd first consult Red
Hat documentation, then, http://oreilly.com/  10 days Free Safari trial
offer, before going on a book buy out spree.

The 2¢ of a non-geek.

Anyways, did Quixote ever run away from challenges :)