
AppArmor set to be merged for 2.6.36


Posted Jul 31, 2010 5:34 UTC (Sat) by drag (guest, #31333)
In reply to: AppArmor set to be merged for 2.6.36 by dlang
Parent article: AppArmor set to be merged for 2.6.36

Pathname vs label... I don't know which is better, I don't know if I care.
What I do know is a MAC solution needs to be default deny to be truly effective. Otherwise security gains will be largely illusionary. It's a classic trap to fall into blacklists because they are easy to use.

White lists for the win.



AppArmor set to be merged for 2.6.36

Posted Jul 31, 2010 5:59 UTC (Sat) by dlang (guest, #313)

I definitely agree, it's very important to whitelist things. AA does support doing so.

AppArmor set to be merged for 2.6.36

Posted Jul 31, 2010 16:55 UTC (Sat) by Cyberax (✭ supporter ✭, #52523)

AA is built upon the 'whitelist' idiom. By default confined processes are forbidden to do anything, and you must grant them required permissions explicitly.

