Dailydave mailing list archives

Re: No more Novell AppArmor?

From: "J.M. Seitz" <lists () bughunter ca>
Date: Sun, 14 Oct 2007 21:19:22 -0700

Oh lord, don't even get me started with the AppArmor/SELinux craziness. I
can't remember if it was InfoSec magazine, but Crispin and some other dude
went head to head on SELinux vs. AppArmor. By the end of the article it was
clear that neither are really useful, they are impossible to configure
correctly (something like 700+ policy lines for SELinux and httpd) and in
most cases are shut off. I know it's policy where I come from to do a
"setenforce 0" the minute we bring up a new machine :)
 
JS

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave

Current thread:

No more Novell AppArmor? Dave Aitel (Oct 13)
- Re: No more Novell AppArmor? Andre Gironda (Oct 14)
- Re: No more Novell AppArmor? J.M. Seitz (Oct 15)
- Re: No more Novell AppArmor? Kees Cook (Oct 15)
- <Possible follow-ups>
- Re: No more Novell AppArmor? Rodrigo Rubira Branco (BSDaemon) (Oct 14)
  - Re: No more Novell AppArmor? Andre Gironda (Oct 20)
- Re: No more Novell AppArmor? Kristian Erik Hermansen (Oct 15)