SELinux vs. AppArmor vs. Standard vs. What?
Craig White
craigwhite at azapple.com
Fri Oct 31 19:59:26 MST 2008
On Sat, 2008-11-01 at 02:48 +0000, Ted Gould wrote:
> On Fri, 2008-10-31 at 19:32 -0700, Craig White wrote:
> > I would venture that something similar happens to most of AppArmor roll
> > outs but beyond SuSE, I don't know where it appears as a standard
> > feature (I believe that Ubuntu has it as an optional install).
>
> Just an FYI. In Ubuntu AppArmor is on by default for all installations
> and SELinux is an optional install (replacing AppArmor). We're also
> doing things like stack randomization and other fun stuff. I'm not
> aware of a HOWTO that suggests disabling it, but undoubtably there is
> one. And in all fairness, most of the modern Fedora ones don't suggest
> disabling SELinux.
>
> One of the exciting under the hood things in Intrepid is that we're now
> changing the default compile flags for all packages to enable more
> security options in GCC. The first pass at this caused a ton of failed
> compiles, and we're planning to tighten the screws more for Jaunty.
>
> Lastly, rereading my last message I don't want it to seem like I was
> bashing Fedora. That's not my opinion at all, I'm thrilled they took
> the step to enable SELinux and make it work. It just created an
> interesting security usability example.
----
interesting...if it's turned on in my 8.04 LTS install then it's clearly
in stealth mode because I never noticed it.
Craig
More information about the PLUG-discuss
mailing list