SELinux vs. AppArmor vs. Standard vs. What?
Ted Gould
ted at gould.cx
Fri Oct 31 19:48:25 MST 2008
On Fri, 2008-10-31 at 19:32 -0700, Craig White wrote:
> I would venture that something similar happens to most of AppArmor roll
> outs but beyond SuSE, I don't know where it appears as a standard
> feature (I believe that Ubuntu has it as an optional install).
Just an FYI. In Ubuntu AppArmor is on by default for all installations
and SELinux is an optional install (replacing AppArmor). We're also
doing things like stack randomization and other fun stuff. I'm not
aware of a HOWTO that suggests disabling it, but undoubtably there is
one. And in all fairness, most of the modern Fedora ones don't suggest
disabling SELinux.
One of the exciting under the hood things in Intrepid is that we're now
changing the default compile flags for all packages to enable more
security options in GCC. The first pass at this caused a ton of failed
compiles, and we're planning to tighten the screws more for Jaunty.
Lastly, rereading my last message I don't want it to seem like I was
bashing Fedora. That's not my opinion at all, I'm thrilled they took
the step to enable SELinux and make it work. It just created an
interesting security usability example.
--Ted
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
Url : http://lists.PLUG.phoenix.az.us/pipermail/plug-discuss/attachments/20081101/de78d677/attachment.pgp
More information about the PLUG-discuss
mailing list