The proponents of AppArmor claim that the approach is sound. Unlike SELinux, AppArmor does not attempt to be the ultimate security solution for all situations. Instead, it simply puts a lid on applications which might be compromised by an attacker. AppArmor raises the bar by limiting what a broken application might do; it does not attempt to regulate the interactions between every application and every object in the system. This approach is, it is claimed, enough to significantly raise the security of a system while maintaining an administrative interface which is accessible to mere mortals. And, for AppArmor's goals, a pathname-based access control mechanism is said to be good enough. It will probably be some time before we will see whether the kernel development community agrees with that claim.
My personal opinion on this is that if you create a security system that makes things only a little harder, then crackers will work a little harder.
If you're going to provide new security facilities, and you have a choice between ones which have a fairly clear path to get around, and ones which will be substantially harder to break (at, perhaps, the expense of being substantially harder to configure), you go deep. Not doing so penalizes the smart people in favor of the dumb ones -- just because I don't know how to configure SELinux doesn't mean I can't find someone who does ... but if it's not there, it doesn't matter whether I can do it myself or find help, does it?
Copyright © 2017, Eklektix, Inc.