[ubuntu-hardened] SELinux versus Apparmor

Jamie Jones jamie_jones_au at yahoo.com.au
Sat Feb 18 14:14:44 GMT 2006

On Sat, 2006-02-18 at 13:41 +0100, Magnus Runesson wrote:
> >From my point of you it is important that security mechanisms are pretty
> transparent for the users, and easy to manage for the administrators.
> Have anyone else had the thought to use AppArmor instead of SELinux in
> ubuntu?


I've been looking at SELinux, RSBAC (http://www.rsbac.org/), RBAC
(http://www.grsecurity.net/), and AppArmor. SELinux and RSBAC both
appear to be complicated and complex - yet very comprehensive. Probably
a better choice if you have the time to learn is to try one of these
two. SELinux has the advantage of being "blessed" by the the main Linux
kernel developers, so you won't need to patch your kernel for them. RBAC
and AppArmor are both a more lightweight approach. RBAC has an advantage
in that it has been around longer then AppArmor.

In summary, for any choice other then SELinux, you will need to build
your own kernel. Personally, if I could, I'd build either a junker pc,
or a virtual machine, and try all 4, then I'd pick the one I like best.

Jamie Jones
E-Yagi Consulting
ABN: 32 138 593 410
Mob: +61 4 16 025 081
Email: eyagi.consulting at gmail.com
Web: http://www.eyagiconsulting.com

GPG/PGP signed mail preferred. No HTML mail. No MS Word attachments
PGP Key ID 0x4B6E7209
Fingerprint E1FD 9D7E 6BB4 1BD4 AEB9 3091 0027 CEFA 4B6E 7209
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : https://lists.ubuntu.com/archives/ubuntu-hardened/attachments/20060219/545a692d/attachment.pgp

More information about the ubuntu-hardened mailing list