Re: [RFC][PATCH 0/11] security: AppArmor - Overview

From: Joshua Brindle
Date: Mon Apr 24 2006 - 09:44:33 EST


Pavel Machek wrote:
In the security world, there is a huge tradition of the best being the
enemy of the good --- and the best being so painful to use that people
don't want to use it, or the moment it gets in the way (either because
of performance reasons or their application does something that
requires painful configuration of the SELinux policy files), they
deconfigure it. At which point the "best" becomes useless.

You may or may not agree with the philosophical architecture question,
but that doesn't necessarily make it "broken by design". Choice is
good; if AppArmor forces SELinux to become less painful to use and
configure, then that in the long run will be a good thing.

SELinux kernel support can _almost_ do what AA does; with the notable
exception of labels for new files. That can probably be fixed with
a patch of reasonable size (or maybe even with an LD_PRELOAD library, glibc
modification, or stuff like that). (There was a post showing that in
this long flamewar).

New file labels based on path should not be addressed in the kernel, and LD_PRELOAD would be incredibly hacky. Our solution to the problem is restorecond (http://danwalsh.livejournal.com/4368.html), which addresses users who want to be able to mkdir public_html and immediately use it. Userland solutions like this will make SELinux easier and easier to use, and they already have. For anyone not keeping up with SELinux lately, a tremendous amount has been done in the area of usability, as outlined at this year's SELinux symposium (http://selinux-symposium.org/2006/slides/01-smalley-yir.pdf).


Joshua