• 1

Re: To the contrary

(Anonymous)
Excellent, but does your opinion have anything to do with my original post ? I didn't say that AppArmor or Immunix are bad or incompetent, just that Novell seems to spread deliberate misinformation about SELinux, that's all.

I can believe AppArmor is easier to use (I use SELinux and only read AppArmor manual) but I also suspect (perhaps I need to learn more) that it's also less flexible and possibly less secure. MAC shouldn't be considered a toy, for which pretty GUI (and no need to training) is the key factor. To be perfectly honest, I admit that SELinux documentation should be definitely improved.

Re: To the contrary

(Anonymous)
In a fully deployed scenario SELinux certainly does have the ability to provide greater security than AppArmor as it can address a wider range of threat models. Unfortunately, making MAC both secure and practical (i.e., deployable for most organizations) isn't the easiest of task and AppArmor does focus on usability instead of covering every possible threat vector. I didn't mean to discredit SELinux, just to point out that for the vast majority of users out there for whom SELinux is too complicated to deploy that AppArmor is avilable and very easy (in my mind anyway) to setup.
Cheers,
Dan

  • 1
?

Log in