User: Password:
|
|
Subscribe / Log in / New account

Re: [AppArmor 00/44] AppArmor security module overview

From:  Alan Cox <alan-AT-lxorguk.ukuu.org.uk>
To:  casey-AT-schaufler-ca.com
Subject:  Re: [AppArmor 00/44] AppArmor security module overview
Date:  Thu, 28 Jun 2007 11:23:24 +0100
Cc:  David Miller <davem-AT-davemloft.net>, crispin-AT-novell.com, seanlkml-AT-sympatico.ca, bunk-AT-stusta.de, akpm-AT-linux-foundation.org, jjohansen-AT-suse.de, linux-kernel-AT-vger.kernel.org, linux-security-module-AT-vger.kernel.org, linux-fsdevel-AT-vger.kernel.org
Archive-link:  Article, Thread

> > Anyone can apply the apparmour patch to their tree, they get the
> > choice that way.  Nobody is currently prevented from using apparmour
> > if they want to, any such suggestion is pure rubbish.
> 
> The exact same argument was made prior to SELinux going upstream.

Its made for every thing before it goes upstream. It shouldn't be going
uptream until it works, is reliable and does something useful. Then if it
ever makes that grade it can go and sit in -mm for a bit to shake down .

> > Frankly I think AppArmour is a joke,
> 
> "SELinux, AppArmor, and Hilary Clinton walk into a bar ..."


SELinux orders a beer object
AppArmor order a /beer
Hilary says "You are both under 21 you can't"
SELinux orders a shandy object
AppArmor orders a /shandy

SELinux is refused because the shandy mixer opened a beer object and
	shandy inherited beer typing
AppArmor gets drunk because /shandy and /beer are clearly different


-
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html



(Log in to post comments)


Copyright © 2007, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds