On Tue, Mar 14, 2006 at 04:52:54PM +0100, Dennis Jacobfeuerborn wrote:
> I understand that but if this system that "solves the fundamental problems"
> is so complex that most people just turn it off then the gain in security
> you get is pretty much theoretical. Security isn't an all-or-nothing thing
> and right now there seems to be chasm between the very basic traditional

It becomes a packaging problem. For most users SELinux just works and they take the defaults. The argument you are making is not new btw, the same was said about firewalling by default years ago and today would be regarded as deeply silly. In part the risk model changed, in part the tools improved.

> Unix model and the very secure but extremely complex SELinux. It looks like
> AppArmor fits in quite well between these two extremes.

Looks pretty, does little? That's not a good combination. I agree entirely about the lack of easy tool configuration for SELinux.

Anyway if AppArmor wants to become anything serious it needs to get upstream and I see no evidence of them even trying to do that. If it gets upstream dropping the tools for it into extras is easy.