Hi!
> >> Average users are not supposed to be writing security policy. To be
> >> honest, even average-level system administrators should not be
> >> writing security policy.
> That explains so much! "SELinux: you're too dumb to use it, so just keep
> your hands in your pockets." :-)
>
> AppArmor was designed to allow your average sys admin to write a
> security policy. It makes different design choices than SELinux to
> achieve that goal. As a result, AppArmor is an utter failure when
> compared to SELinux's goals, and SELinux in turn is an utter failure
> when compared to AppArmor's goals.
I'd not be that sure. SELinux can read AA config files, with some
performance problems and bad problems with new files.
I bet solving the 'new files' problem is not going to take 20% of AA's
size...
Pavel
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures)
http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
-
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
