Re: SELinux vs. AppArmor vs. Standard vs. What?

Author: Ted Gould
Date:  
To: Main PLUG discussion list
Subject: Re: SELinux vs. AppArmor vs. Standard vs. What?
On Fri, 2008-10-31 at 19:32 -0700, Craig White wrote:
> I would venture that something similar happens to most of AppArmor roll
> outs but beyond SuSE, I don't know where it appears as a standard
> feature (I believe that Ubuntu has it as an optional install).


Just an FYI. In Ubuntu AppArmor is on by default for all installations
and SELinux is an optional install (replacing AppArmor). We're also
doing things like stack randomization and other fun stuff. I'm not
aware of a HOWTO that suggests disabling it, but undoubtedly there is
one. And in all fairness, most of the modern Fedora ones don't suggest
disabling SELinux.

One of the exciting under-the-hood things in Intrepid is that we're now
changing the default compile flags for all packages to enable more
security options in GCC. The first pass at this caused a ton of failed
compiles, and we're planning to tighten the screws more for Jaunty.

Lastly, rereading my last message I don't want it to seem like I was
bashing Fedora. That's not my opinion at all; I'm thrilled they took
the step to enable SELinux and make it work. It just created an
interesting security usability example.

        --Ted

