[ubuntu-hardened] AppArmor for Ubuntu

Crispin Cowan crispin at novell.com
Thu Mar 2 08:20:10 GMT 2006

cwarner wrote:
>> How quaint :) It is a summary of the method posted by Red Hat on their
>> web site documenting how to create a policy. So it is not "wrong", but
>> it might be out of date. Care to update it?
> I would if I had much of a spare moment. Infact if I had more time i'd
> try to write a decent overview on writing policy. Can you provide a link
> to the documentation you're speaking of?
It is a summary of this page

>> Except for the fundamental difference between path name based access
>> controls and label based access controls. The label based scheme in
>> SELinux makes it much more difficult to build an automated policy generator.
> There is a response to this in the form of questions posed By Thomas
> Bleher.
I'm going to post an extended response to labels vs. paths when I'm not
running for an airplane :)

>>> I'm not knocking apparmor because I've not taken the time to look at all
>>> of its technical merits but from the surface and these slides, it's
>>> certainly behind Selinux.
>> Uh huh. Try it :)
> Will do and thanks for taking time out.
Much appreciated. I can express all the opinions I like, but trying
AppArmor speaks for itself.

Crispin Cowan, Ph.D.                      http://crispincowan.com/~crispin/
Director of Software Engineering, Novell  http://novell.com
	Olympic Games: The Bi-Annual Festival of Corruption

More information about the ubuntu-hardened mailing list