Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks

[Valdis . Kletnieks]

On Tue, 18 Apr 2006 23:38:33 +0200, Kurt Garloff said:
> AppArmor is easy. Everyone with a little background in Un*x can
> understand what it does and how it needs to be configured.
> Eventually, most sysadmins of the world can configure it correctly
> and thus make their systems more secure.

Having spent a quarter century in which cleaning up after other sysadmins
has played a major role, I think you're vastly overstating the average clue level
out there.

Most of the readers of this list can (hopefully) snarf a linux-2.foo.tar.bz2
and end up with a bootable kernel on their own.  The *actual* average sysadmin
out there has trouble getting something like 'up2date' (or the Ubuntu equivalent)
to update an already vendor-compiled kernel.

Experience has shown that if you make the sysadmin configure it using anything
more than 1 or 2 very broad knobs ("fairly secure, very secure, tinfoil-hat secure"),
it *very* quickly becomes a way for them to create security holes in their system,
and doesn't add any actual security.

And the instant you abstract it all behind a point-and-drool GUI with a choice
of 3 buttons to click, it doesn't matter anymore, because the distro vendor
will be doing all the heavy lifting.

Attachment: pgp00000.pgp
Description: PGP signature