The AppArmor debate begins
Posted Apr 27, 2006 3:47 UTC (Thu) by jamesm
Parent article: The AppArmor debate begins
I'd like to address the idea that AppArmor is simple for "mere mortals" to administer in comparison with SELinux, which I believe to be a myth.
In this thread, the creator of AppArmor admits that he doesn't understand the Thunderbird policy on his own machine, and, alarmingly, why it has setuid capability.
> but as you posted an example profile with "capability setuid", I must admit I am curious as to why an email client needs that.

Well now that is a very good question, but it has nothing to do with AppArmor. The AppArmor learning mode just records the actions that the application performs. With or without AppArmor, the Thunderbird mail client is using cap_setuid. AppArmor gives you the opportunity to *deny* that capability, so you can try blocking it and find out. But for documentation on why Thunderbird needs it, you would have to look at mozilla.org not the AppArmor pages.
As they add more policy coverage for things like IPC and networking, it will only become more complicated, but without the strong security assurance features of SELinux.
This also demonstrates the way the AppArmor tool encapsulates existing behavior, without any real design or understanding of the security implications of the policy being generated.
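The "try blocking it and find out" step quoted above, shown as an added example; this is not code from the LWN thread, from the commenters, or from the AppArmor project. It assumes a Thunderbird binary at /usr/lib/thunderbird/thunderbird (hypothetical path) and uses the later AppArmor `audit deny` rule syntax, which postdates the 2006 discussion; the learning-mode profile is constructed here to resemble what aa-genprof records, not a real captured profile.

```shell
#!/bin/sh
# Added example, not from the LWN thread or the AppArmor project.
# Assumptions: hypothetical Thunderbird path, and the later AppArmor
# "audit deny" rule syntax (not available in the 2006-era tool).
set -eu

PROFILE_DIR="${PROFILE_DIR:-$(mktemp -d)}"
PROFILE="$PROFILE_DIR/usr.lib.thunderbird.thunderbird"

# What learning mode produces: every action the program was observed to
# perform is turned into an allow rule, including "capability setuid",
# with no record of why the program needed it. (Constructed sample.)
write_learned_profile() {
  cat > "$PROFILE" <<'EOF'
#include <tunables/global>
/usr/lib/thunderbird/thunderbird {
  #include <abstractions/base>
  #include <abstractions/user-mail>
  capability setuid,
  /usr/lib/thunderbird/** mr,
  owner @{HOME}/.thunderbird/** rw,
}
EOF
}

# Flip one recorded allow rule into an audited deny. The kernel then refuses
# the capability and logs each attempt, which is the experiment the quoted
# reply suggests: run the client and see what actually breaks.
deny_capability() {
  cap="$1"
  sed "s/^\( *\)capability $cap,/\1audit deny capability $cap,/" "$PROFILE" \
    > "$PROFILE.tmp" && mv "$PROFILE.tmp" "$PROFILE"
}

# Check whether a given rule text is present in the profile.
has_rule() { grep -q -- "$1" "$PROFILE"; }

write_learned_profile
deny_capability setuid

# The commands an administrator would run next on an AppArmor host (printed
# rather than executed so this script also runs where AppArmor is absent):
echo "sudo apparmor_parser -r $PROFILE"
echo "# then run Thunderbird and look in the kernel/audit log for:"
echo '#   apparmor="DENIED" operation="capable" ... capname="setuid"'
```

The point of the exercise is the one the thread makes: the generated rule documents that the capability was used, not why, so the only way the profile writer learns whether `setuid` is needed is to deny it and observe the failure.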