SMACK meets the One True Security Module

Posted Oct 4, 2007 21:04 UTC (Thu) by nix (subscriber, #2304)
In reply to: SMACK meets the One True Security Module by jengelh
Parent article: SMACK meets the One True Security Module

AppArmor predates SELinux, and does things that SELinux can't do without
insane delays (mass-relabelling of potentially every file in a very deep
subdirectory whenever you rename it springs to mind; even crazier
mass-relabellings of everything on the disk to implement some changes of
policy, unless I miss my guess).

(Equally, AppArmor can't efficiently imitate a TE system --- but nobody's
claiming it can.)