[ubuntu-hardened] AppArmor for Ubuntu

cwarner cwarner at kernelcode.com
Tue Feb 28 02:35:58 GMT 2006

On Mon, 2006-02-27 at 14:05 -0800, Crispin Cowan wrote:
> David Kempe wrote:
> > On Wed, Feb 22, 2006 at 08:19:58AM -0800, Crispin Cowan wrote:
> >   
> >> Does this idea sound interesting to the Hardened Ubuntu community?
> >>     
> > It certainly sounds interesting to me.
> > Lets see if we can get some packages together - what are the software
> > dependencies for AppArmour? what kernel patches does it require?
> >   
> Did Dominic's post answer your questions? Anything we can do to help
> with your testing?
> >> For people in Europe who would like to know more, I will be presenting a
> >> talk on AppArmor this weekend at FOSDEM <http://www.fosdem.org/2006>.
> >> The schedule says the talk is Sunday at 14h00.
> >>     
> > Would love to make it, but stuck in Australia, is there going to be slides
> > available?
> >   
> The slides should *eventually* appear here
> http://www.fosdem.org/2006/index/speakers/speakers_cowan
> But since I don't control that web site, you can also get the slides
> here http://crispincowan.com/~crispin/apparmor_fosdem06.sxi
> Crispin
> -- 
> Crispin Cowan, Ph.D.                      http://crispincowan.com/~crispin/
> Director of Software Engineering, Novell  http://novell.com
> 	Olympic Games: The Bi-Annual Festival of Corruption

Besides the fact that the method of creating policy on these slides is
totally incorrect and far from recommended practice for Selinux. There
are projects in the works and policy editors being created for Selinux.
This approach really isn't that different at all. As it all boils down
to policy.

So, besides that fact, why would someone who has already employed
Selinux for X setup switch to apparmor? Why should all the work that has
been done with Selinux be stopped?

I'm not knocking apparmor because I've not taken the time to look at all
of its technical merits but from the surface and these slides, it's
certainly behind Selinux.

Christopher Warner

More information about the ubuntu-hardened mailing list