[Wolves] Nsa using linux

Simon Morris sm at beerandspeech.org
Fri Aug 25 18:07:53 BST 2006


On 25/08/06, Shane M. Coughlan <shane at shaneland.co.uk> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Peter Cannon wrote:
> > SELinux has been around for ages in Fedora Core SuSE has its own version
> > called AppArmor. These two solutions are really a quasi second fiewall
> > controlling applications and their installation and functionality by either
> > letting them install/run. In effect it will stop applications executing or
> > accessing resources so its not a 'Flavor of Linux' its a security feature of
> > Linux.
>
> SELinux is short for Security Enhanced Linux.  It's a series of
> enhancements to make Linux more secure.  This security is obtained by
> policies that determine how applications can run on a given system.
>
> SELinux and AppArmor are not the same.  AppArmor is less granular and
> focuses on simplicity for the end user.  SELinux is focused on ensuring
> that applications act in the way you want them to act.

Oooh, I'd refute that statement! AppArmor uses a more condensed syntax
to define the same thing - this doesn't mean that is is less granular.

There is some merit in the argument that using file path names in the
policy (in AppArmor) is a bad idea because of the ability to use hard
links but AppArmor is in a position where it is both secure and
usable. SELinux has been around for a number of years and it is has a
number of usability.... "opportunities" at the moment.

I think the fact that most administrators prefer to disable SELinux
when they come across problems with it rather than fix it says a lot.

-- 
~sm
Jabber: sm at jabber.fsfe.org
www: http://beerandspeech.org



More information about the Wolves mailing list