[ubuntu-hardened] AppArmor for Ubuntu

Crispin Cowan crispin at novell.com
Thu Mar 2 08:20:10 GMT 2006


cwarner wrote:
>> How quaint :) It is a summary of the method posted by Red Hat on their
>> web site documenting how to create a policy. So it is not "wrong", but
>> it might be out of date. Care to update it?
>>     
> I would if I had much of a spare moment. Infact if I had more time i'd
> try to write a decent overview on writing policy. Can you provide a link
> to the documentation you're speaking of?
>   
It is a summary of this page
http://www.redhat.com/docs/manuals/enterprise/RHEL-4-Manual/selinux-guide/selg-section-0128.html

>> Except for the fundamental difference between path name based access
>> controls and label based access controls. The label based scheme in
>> SELinux makes it much more difficult to build an automated policy generator.
>>     
> There is a response to this in the form of questions posed By Thomas
> Bleher.
>   
I'm going to post an extended response to labels vs. paths when I'm not
running for an airplane :)

>>> I'm not knocking apparmor because I've not taken the time to look at all
>>> of its technical merits but from the surface and these slides, it's
>>> certainly behind Selinux.
>>>   
>>>       
>> Uh huh. Try it :)
>>     
> Will do and thanks for taking time out.
>   
Much appreciated. I can express all the opinions I like, but trying
AppArmor speaks for itself.

Crispin
-- 
Crispin Cowan, Ph.D.                      http://crispincowan.com/~crispin/
Director of Software Engineering, Novell  http://novell.com
	Olympic Games: The Bi-Annual Festival of Corruption




More information about the ubuntu-hardened mailing list