User: Password:
|
|
Subscribe / Log in / New account

SMACK meets the One True Security Module

SMACK meets the One True Security Module

Posted Oct 4, 2007 14:53 UTC (Thu) by jengelh (subscriber, #33263)
In reply to: SMACK meets the One True Security Module by bronson
Parent article: SMACK meets the One True Security Module

>Ignore the userspace tools! Make a portion of SELinux as capable and easy to use as AppArmor or SMACK and SELinux adoption will increase tenfold.

So, interestingly, is not *Novell* to blame (rather than SELinux or the casual user) to not have AppArmor designed to use SELinux as LSM? Just a thought...


(Log in to post comments)

SMACK meets the One True Security Module

Posted Oct 4, 2007 21:04 UTC (Thu) by nix (subscriber, #2304) [Link]

AppArmor predates SELinux, and does things that SELinux can't do without
insane delays (mass-relabelling of potentially every file in a very deep
subdirectory whenever you rename it springs to mind; even crazier
mass-relabellings of everything on the disk to implement some changes of
policy, unless I miss my guess).

(Equally, AppArmor can't efficiently imitate a TE system --- but nobody's
claiming it can.)


Copyright © 2018, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds