Re: Some Concrete AppArmor Questions - was Re: [RFC][PATCH 0/11]security: AppArmor - Overview
From: James Morris
Date: Fri Apr 28 2006 - 17:49:10 EST
On Fri, 28 Apr 2006, Stephen Hemminger wrote:
> SELinux on the other hand takes a real security view of the world. If
> you have ever worked with real security environment with "need to
> know", you will understand that it is hard to keep secure and requires
> too many restrictions for normal users.
It depends on the type of SELinux policy you have loaded. The one which
most people use, "targeted policy", is aimed at confining network facing
services while allowing the local user level stuff to run generally
without confinement.
- James
--
James Morris
<jmorris@xxxxxxxxx>
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/