User: Password:
|
|
Subscribe / Log in / New account

The future of AppArmor

The future of AppArmor

Posted Oct 18, 2007 14:14 UTC (Thu) by jengelh (subscriber, #33263)
Parent article: The future of AppArmor

>There are valid concerns that it papers over the complexities of securing Linux, providing a
false sense of security.

You use SELinux and when you /think/ you've got your policy right (giving you a sense of
security), there might be still something left that remained open because you could not find
it in that not-papered-over complexity.


(Log in to post comments)

The future of AppArmor

Posted Oct 19, 2007 12:48 UTC (Fri) by t8m (guest, #31777) [Link]

I don't think so. As there are strictly only allow rules in policy so you are only adding
actions which the restricted application can do it is unlikely. On the other hand it is one of
the reasons why writing a policy is  relatively hard and that SELinux tends to "break" apps.
But that's a price for being correct and not oversimplifying security.


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds