AppArmor for Fedora
alan
alan at clueserver.org
Mon Aug 27 16:08:36 UTC 2007
On Mon, 27 Aug 2007, Javier Perez wrote:
> On 8/26/07, Arthur Pemberton <pemboa at gmail.com> wrote:
>>
>> On 8/26/07, Javier Perez <pepebuho at gmail.com> wrote:
>>> Hi
>>>
>>> Is anybody working to port AppArmor to Fedora?
>>
>> Not that I have heard of.
>> But I wouldn't waste my time, SELinux is better.
>>
>>> It does similar work like SELINUX but it is supposed to be user
>> frendlier.
>>
>> It doesn't work like SELinux is just tries to solve the same problem.
>> Not sure what is unfriendly about SELinux however. I'm loving
>> setroubleshoot
>>
>>> Where do I ask the powers that be to include it?
>>
>> fedora-devel list, and this would like be if you are willing to do the
>> work.
>
>
> Hmmm, Not Yet. Let me first learn more about the technical reasons Alan Cox
> posted above. Could you provide some links pls? I am just being lazy here
> :) Besides, I am interested on the technical reasons, I do not want to
> google and land on the middle of the several flame wars I am quite sure
> there should be around there.
I have been interested in making SELinux and AppArmor work together. I
have yet to find the time.
AppArmor has an additional use that SELinux does not. The ability for the
user to constrain an arbitrary process run by the user. For example, I
could constrain Adobe Acrobat to only be able to read files in a narrowly
defined set of directories and not execute other applications.
I think it is a worthwhile project and I am willing to help out.
--
Refrigerator Rule #1: If you don't remember when you bought it, Don't eat it.
More information about the fedora-list
mailing list