Linux security non-modules and AppArmor
Posted Jun 28, 2007 21:06 UTC (Thu) by smoogen
In reply to: Linux security non-modules and AppArmor
Parent article: Linux security non-modules and AppArmor
There are various higher level policy editing tools... they are just not well known. One of the issues comes down to what people want versus what they might need. People want the ability to not think about security because security is sold to them as being hard work, etc. This is why they will pay thousands of dollars for security systems that might only check to see if a door is open. Or they will pay for bars on their house windows, but then cant get out in a fire. Heck I have had to fix problems with several people who bought a small magnet that sits on top of their monitor that keeps out bad-guys. Everything else was tooo complicated.
My two problems with either of the solutions is marketing. Selinux people have been very good about reminding people that you need to think about things before you use them. Sometimes they are too good, and you feel that grandpa's old bomb-shelter is almost safe enough for your computers.
And too many of the AppArmour fan-boys will tell you that you don't need to think.. just install it and you will never have a problem.
At which point the religious wars about who is being the bigger idiot start up.
to post comments)