James Morris wrote: >I would challenge the claim that AppArmor offers any magic bullet for >ease of use.
There are, of course, no magic bullets for ease of use. I would not make such a strong claim. I simply stated that it is plausible that AppArmor might have some advantages in some deployment environments. The purpose of LSM was to enable multiple different approaches to security, so that we don't have to fight over the One True Way to do it. There might not be one best way for all situations. These systems probably have different tradeoffs. Consequently, it seems to me that arguing over whether SELinux is superior to AppArmor makes about as much sense as arguing over whether emacs is superior to vim, or whether Python is superior to Perl. The answer is likely to be "it depends". It's to be expected that SELinux developers prefer their own system over AppArmor, or that AppArmor developers prefer AppArmor to SELinux. (Have you ever seen any new parent who thinks their own baby is ugly?) SELinux developers are likely to have built a system that addresses the problems that seem important to them; other systems might set priorities differently. I think in this case the best remedy is to let many flowers bloom, and let the users decide for themselves. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
