[Novalug] Selinux: to disable or not
Clif Flynt
CLIF@CFLYNT.COM
Wed Mar 14 11:51:14 EDT 2012
On Wed, Mar 14, 2012 at 11:21:49AM -0400, Matt Ryanczak wrote:
> ...
> Its really not clear to me why Ubuntu (and others) chose this over
> SELinux. Perhaps SELinux has too much .gov stink on it?
>
My memory is that Apparmor came out of the SuSE arena about the same
time that SELinux was coming out of the Govt arena. I think both were
in response to the need to get Linux certified for secure systems use.
I recall looking at both of them in the early 2000s, but neither
solved the issue I had at the time - conforming to DoD logging
requirements. My systems live behind locked doors and nobody
touches them unless they've already got clearance, so the Access
Control stuff wasn't as much of an issue.
The kernel auditd support that came out of the RH camp solved
my conform-to-requirements problem.
Clif
--
... Clif Flynt ... http://www.cwflynt.com ... clif@cflynt.com ...
.. Tcl/Tk: A Developer's Guide (3'd edition) - Morgan Kauffman ..
.... 19'th Annual Tcl/Tk Conference: 2012, Chicago, IL USA ....
............. http://www.tcl.tk/community/tcl2012/ ............
More information about the Novalug
mailing list