SELinux works like a charm in Ubuntu!
Felipe Alfaro Solana
felipe.alfaro at gmail.com
Sun Feb 4 02:15:14 UTC 2007
On 2/4/07, Gabriel Dragffy <dragffy at yandex.ru> wrote:
> I remember reading something quite a long time ago. IIRC it was an
> on-going discussion between the devs of Ubuntu or Debian (don't remember
> which), they were discussing the relative merits of SELinux and
> AppArmor, saying that both had their problems and they would like to
> find a more comprehensive solution before integrating extra security
> precautions like SE or AppArmor... Fedora kept plugging away at SELinux
> and I think that it's now doing a decent job, and it's easy enough to
> alter the policy or turn it off completely (to aid in trouble-shooting).
While I don't know much of AppArmour, I think SELinux offers a nice
feature set and can help in locking and thighting down the system. On
the other hand, SELinux is far too complex, so I'm completely sure
that it has bugs and somebody will find an exploit that will be able
to partially or totally bypass some of the security mesaures that
SELinux provides.
But anyways, let it be SELinux, AppArmour or OpenBSD's systrace, I
think policy enforcement and limiting what software can do is the
right way to go. Much like ACLs on a firewall usually restrict
everything while allowing what is required, I think systems that
implement mandatory access control can help in improving system
security.
More information about the ubuntu-users
mailing list