• 1

used both, have an opinion

Dan, I respect that you have done a lot to advance SELinux, which has helped the open source community greatly. I have to disagree with you on this subject, however.

I've been using Redhat, and now Fedora, for many, many years. I have appreciated the advances made by SELinux in Fedora Core, and I have high hopes for the modular reference-based policy in FC5. (I'm running FC5b3 as I type this.)

HOWEVER, recently I started running SUSE 10.1b6 on a second machine. I've been familiar with AppArmor for awhile, but have never bothered to use it as it was closed -source until recently. Having spent some time trying to build policies for both FC5 SELinux and AppArmor, I feel I've realized why AppArmor has the upper hand.

Simply put, AppArmor is *easy* to add policy to. I can quickly sandbox applications using AppArmor that would take TONS of time to "do right" in SELinux. That's a killer difference for me.

If you want SELinux to succeed, you have got to deliver tools that are geared at the use cases of the average sys admin. It's that simple.

Best regards,

Re: used both, have an opinion


The open-source community has never been squeamish about writing their own drivers, and thus doing a lot of Lenovo’s (and chip companies’) work for them.

  • 1

Log in