Back in January, Novell announced
that it was releasing
the "AppArmor" security framework under the GPL. AppArmor had been
developed by Immunix, and acquired by Novell last year. Novell makes a
number of claims about AppArmor, but the one at the top of the list appears
to be relative simplicity: AppArmor is said to be easier to understand, configure, and
maintain than SELinux.
Dan Walsh, a Red Hat developer working on SELinux, has criticized this move:
Couldn't Novell have spent their money on making SELinux easier to
use? No, [Novell] chooses to split the user and developer community. I
am not sure what their goals are, but I feel this hurts Linux and
the open source movement.
For years, critics have claimed that Linux would fragment much like Unix
did, and that would be the downfall of the system. So far, Linux has
steadfastly refused to fragment in this manner. But now we have a Linux
developer saying that the same thing is happening. Red Hat and Novell also
appear to be taking different approaches to 3D-enhanced window systems.
Novell is pushing Xgl, Red Hat has AIGLX, and Linux users are left
wondering when and how all that activity will yield better graphics support
for them. At this level, too, it looks like Linux might finally be heading
for a breakup.
Or is it? Perhaps we are simply seeing the development community at work.
With regard to SELinux, it is important to note that there is no real
consensus, yet, on how the security problem should be solved. SELinux is a
powerful system, beyond doubt; it allows the capabilities of users and
programs to be specified in great detail. But SELinux is also highly complex,
to the point that a large percentage of system administrators find
themselves unable to cope with it. The fedora-devel list just had a
discussion on how to get administrators to keep SELinux enabled on their
systems. One participant, who teaches administration courses, noted:
By no means is this limited to home users. I would say that the
*vast* majority of corporate admins just turn off SELinux. The story
behind how & why they learned to do that to begin with only varies in
details. It's almost always, "I had problems installing X or doing
Y and I found a document on the Internet that said that SELinux was
in the way and didn't work right anyway and was too complicated and
didn't do me any good and that I couldn't learn enough about it to
even understand what was happening, let alone deal with it, in less
than a month and ... well, so I just turn off SELinux and then I
don't have to deal with it."
The point here is not to criticize SELinux; that has been adequately done
elsewhere. Instead, the real point is there is not, at this time, any sort
of broad consensus that SELinux is the right tool for everybody's security
problems. It may turn out that the best solution is to put more effort
into making SELinux easier to deal with, but it seems premature to claim
that SELinux will be the answer to security problems on Linux. It
makes sense, in other words, to spend some time considering other
approaches - especially those which are already implemented and relatively
If SELinux is truly a superior solution, that will eventually become clear
and users will vote with their keyboards. But to claim, at this point,
that SELinux is the only solution and that looking at alternatives hurts
the community would be a mistake. This community thrives on choices, and, to an
extent, it thrives on competition between related projects. Since the
alternatives are all free software, users are able to choose what works
for them, and the best ideas (and code) can move from one project to another.
The process would be helped, however, if Novell would pull together the
AppArmor source and submit it properly for review and eventual merging into
the mainline kernel.
The story with Xgl and AIGLX is the same. There is no real consensus, yet,
on how 3D graphics will be best supported in the X window system. So two
groups have put together two different implementations, each with its
advantages. It is easy to present this story as a classic developer
flamewar, but that does not seem to match the reality of the situation. A
look at the X.org mailing list, for example, shows Xgl developer David
Reveman agreeing to adopt some interfaces
put forward by the AIGLX group. Over the long term, the development
community will almost certainly coalesce around the approach which seems to
work best, but, for now, it is too early to say which one (if either) will
be most successful.
If there is a problem here at all, it is that the distributors are being
quick to make products out of technology which may not be entirely ready
for prime time. Red Hat has operated this way for a very long time;
anybody who remembers being pushed into, for example, the ELF or glibc2
transitions by Red Hat Linux upgrades knows that some of that code was a
little rough around the edges then. But, by pushing that code out to the
users, Red Hat almost certainly accelerated the stabilization process.
What we are seeing now is that Novell wants to get into the same game and
put more leading technology into the traditionally conservative (by
comparison) SUSE distribution. When things work well, Novell will be able
to claim leading-edge features and the code will get wider testing, sooner.
There is nothing that requires Novell, as it moves SUSE Linux toward the
leading edge, to follow Red Hat's decisions on which approaches to adopt.
The risk is that each
distributor's user base will find itself locked in to a different set of
still-green technologies, making it harder for the development community to
settle on a single choice. In the cases of security policies and 3D
acceleration, however, the potential for lock-in seems low; most users will
not care about which approach they use, as long as the system works well.
So, most likely, those critics who have predicted the death by
fragmentation of Linux will have to wait a while longer yet.