SELinux vs. AppArmor vs. Standard vs. What?

Craig White craigwhite at azapple.com
Fri Oct 31 19:59:26 MST 2008


On Sat, 2008-11-01 at 02:48 +0000, Ted Gould wrote:
> On Fri, 2008-10-31 at 19:32 -0700, Craig White wrote:
> > I would venture that something similar happens to most AppArmor
> > rollouts but beyond SuSE, I don't know where it appears as a standard
> > feature (I believe that Ubuntu has it as an optional install).
> 
> Just an FYI.  In Ubuntu AppArmor is on by default for all installations
> and SELinux is an optional install (replacing AppArmor).  We're also
> doing things like stack randomization and other fun stuff.  I'm not
> aware of a HOWTO that suggests disabling it, but undoubtedly there is
> one.  And in all fairness, most of the modern Fedora ones don't suggest
> disabling SELinux.
> 
> One of the exciting under-the-hood things in Intrepid is that we're now
> changing the default compile flags for all packages to enable more
> security options in GCC.  The first pass at this caused a ton of failed
> compiles, and we're planning to tighten the screws more for Jaunty.
> 
> Lastly, rereading my last message I don't want it to seem like I was
> bashing Fedora.  That's not my opinion at all, I'm thrilled they took
> the step to enable SELinux and make it work.  It just created an
> interesting security usability example.
----
interesting...if it's turned on in my 8.04 LTS install then it's clearly
in stealth mode because I never noticed it.

Craig


