Fedora vs OpenSuse
Ralf Corsepius
rc040203 at freenet.de
Fri Jun 15 11:11:12 UTC 2007
On Fri, 2007-06-15 at 14:58 +0530, Rahul Sundaram wrote:
> Ralf Corsepius wrote:
> > On Thu, 2007-06-14 at 16:54 -0400, Tom Horsley wrote:
> >> On Thu, 14 Jun 2007 11:25:08 -0400
> >> taharka <res00vl8 at alltel.net> wrote:
> >>
> >>> OpenSuse/SEL includes AppArmor, which is they're answer to SELINUX &
> >>> supposedly easier to configure/administrate ;-)
> >> Yea, AppArmor is really secure :-). At work someone found it
> >> was refusing to let them run something (I forget which program,
> >> some utterly common utility like uname or date or something).
> >> They copied the executable to a different name file, and it
> >> let them run the copy just fine.
> > Well, is this much better than SELinux-issues preventing your Fedora
> > systems to work properly?
>
> Design bugs are always going to be harder to fix than implementation
> issues. Any issues reported are fixed pretty quickly. Did you report any?
>
> > I've never encountered a case where SELinux caught an actual security
> > breach, but I've seen many cases were SELinux prevented systems from
> > operating properly.
>
> There has dozens of such instances where SELinux has prevented or
> mitigated the issue.
No doubts, there probably have been such incidents.
I can't comment on AppArmor (I am not using OpenSuSE), but I can comment
on SELinux from my personal experience with it. And from that I would be
very cautious to mention it as a "selling point", because I assume
everybody using Fedora for a couple of months at some point has had his
own experiences with it.
It's helpful and harmful at the same time. Which side's tradeoffs
overweight depends on the personal situation and a particular machine's
purpose.
Ralf
More information about the fedora-list
mailing list