Linux security non-modules and AppArmor
Posted Jun 28, 2007 5:28 UTC (Thu) by dlang
(✭ supporter ✭
In reply to: Linux security non-modules and AppArmor
Parent article: Linux security non-modules and AppArmor
that's a good restatement of the SELinux pitch. A shorter version is that SELinux can do everything and nothing else is needed.
except that the SELinux framework cannot reasonably implement the AppArmor semantics since a simple rename could require the relabeling of thousands of files before the system works properly.
and no, I don't buy the answer from the SELinux camp of "well, don't do that then" as being reasonable
for the record I am not a current user of AA, however I definantly see it as being useful and would start useing it within a couple of months of it being included.
the arguments against keeping the LSM modular all assume a SELinux approach of tagging everything and worry about how to tag things on module insertion and what to do with the tags on module removal.
if you look at other possible modules the answers are much clearer.
for example, with App Armor when you unload the module everything is unconstrained. when you load a module all future accesses are checked (if the name of the program being run can only be found at execution time then it could only constrain programs executed after it's loaded, which could be an advantage under some conditions)
another LSM I ran across recently allowed you to limit network use by programs. it also seems like the load/unload events would be clear (or at least straightforward)
to post comments)