Re: Some Concrete AppArmor Questions - was Re: [RFC][PATCH 0/11]security: AppArmor - Overview

From: James Morris
Date: Fri Apr 28 2006 - 17:49:10 EST

Next message: khaled MOHAMMED atteya: "I hope to be kernel developer ,in i386 arch"
Previous message: Darren Hart: "RT interrupt handling"
In reply to: Stephen Hemminger: "Re: Some Concrete AppArmor Questions - was Re: [RFC][PATCH 0/11]security: AppArmor - Overview"
Next in thread: Karl MacMillan: "Re: Some Concrete AppArmor Questions - was Re: [RFC][PATCH 0/11]security: AppArmor - Overview"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 28 Apr 2006, Stephen Hemminger wrote:

> SELinux on the other hand takes a real security view of the world. If
> you have ever worked with real security environment with "need to
> know", you will understand that it is hard to keep secure and requires
> too many restrictions for normal users.

It depends on the type of SELinux policy you have loaded. The one which
most people use, "targeted policy", is aimed at confining network facing
services while allowing the local user level stuff to run generally
without confinement.

- James
--
James Morris
<jmorris@xxxxxxxxx>
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: khaled MOHAMMED atteya: "I hope to be kernel developer ,in i386 arch"
Previous message: Darren Hart: "RT interrupt handling"
In reply to: Stephen Hemminger: "Re: Some Concrete AppArmor Questions - was Re: [RFC][PATCH 0/11]security: AppArmor - Overview"
Next in thread: Karl MacMillan: "Re: Some Concrete AppArmor Questions - was Re: [RFC][PATCH 0/11]security: AppArmor - Overview"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]