SELinux vs. AppArmor vs. Standard vs. What?

Ted Gould ted at gould.cx
Fri Oct 31 19:20:37 MST 2008


I'm going to top post, you'll have to deal :)

I think that the three come down to what are your goals.  One of the
goals of SELinux is to make it so that it can be configured to the point
of not having a root user.  Basically so the IT guy can't read the
president's e-mail.  This is very cool if you need that level of
security -- but I'm guessing you're not sending nuclear launch codes (or
at least I hope not).  The problem comes down to, with flexibility and
power you definitely have enough rope to shoot yourself in the foot.

I've talked with the folks implementing AppArmor in Ubuntu a lot about
this, and one of the problems that we saw is that almost any Fedora
HOWTO on the Internet starts with "disable SELinux."  I'm not sure how
many Fedora systems have it running and how many don't, but I'm guessing
that a fair number don't because of this.  Not good.

One of the things that AppArmor does (which isn't as restrictive) is do
more wild cards and different configurations that get evaluated at
runtime.  It is more dynamic that SELinux.  This makes it easier to
configure but also less robust in really well defined locked down
environments.

I think an interesting example of using AppArmor is the new guest
account feature in Intrepid.  We basically dynamicly create an account
and lock it down with AppArmor to make sure that the guest can't do
anything crazy.

All in all, unless you're a spy agency I would say that having someone
configuring the computer who understands security and configuring a
computer to be secure matters more than any of the technologies you
choose.

		--Ted


On Fri, 2008-10-31 at 16:19 -0700, Alan Dayley wrote:
> Thanks for all the responses to my remote desktop login question.  I'm
> pretty sure we will deploy FreeNX for that function.
> 
> This question has to do with the same server.  A tech savvy manager
> says we should use "NSA Linux" on the remote desktop host server.
> What he means is use the SELinux security features.
> 
> Now, I don't have lots of experience with setup and maintainence of
> SELinux.  I hAve read that it is painful and requires more
> administration than just "set and forget."
> 
> A similar technology is the AppArmor profiles for applications.  Said
> to be easier to use than SELinux but provides much the same benefits.
> 
> Then a third camp seems to think that both of these are overkill and a
> headache for the benefits gained.  They feel that, configured
> correctly, standard user security on a Linux box is secure enough for
> most business applications.
> 
> Where do any of you stand on this argument?  Is SELinux really a pain
> to setup and use?  Is AppArmor interesting but not worth it?
> 
> Given the function of the server as I previously described in that
> other thread (http://lists.plug.phoenix.az.us/lurker/thread/20081030.230820.05346d48.en.html#20081030.230820.05346d48),
> What security extensions would you deploy and why?
> 
> Alan
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
Url : http://lists.PLUG.phoenix.az.us/pipermail/plug-discuss/attachments/20081101/9b356a27/attachment.pgp 


More information about the PLUG-discuss mailing list