LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 10-18-2008, 08:01 AM   #1
sambesange
LQ Newbie
 
Registered: Jul 2007
Location: India
Distribution: Ubuntu 6/ RHEL 4, 5
Posts: 2

Rep: Reputation: 0
SELinux vs AppArmor


SELinux is very hard to configure. AppArmor is more user friendly. Can any one compare these ? I have gone through different posts. But could not find the exact comparison between these two in the eyes of users and not the companies.
 
Old 10-19-2008, 07:45 AM   #2
MensaWater
LQ Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, CoreOS, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 7,831
Blog Entries: 15

Rep: Reputation: 1669Reputation: 1669Reputation: 1669Reputation: 1669Reputation: 1669Reputation: 1669Reputation: 1669Reputation: 1669Reputation: 1669Reputation: 1669Reputation: 1669
I guess the biggest reason to use SELinux over AppArmor would be that the former is still in active development.

According to this WikiPedia article Novell laid off most of the AppArmor team in 2007:
http://en.wikipedia.org/wiki/AppArmor
 
Old 11-07-2008, 12:21 AM   #3
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380Reputation: 380Reputation: 380Reputation: 380
Quote:
Originally Posted by jlightner View Post
According to this WikiPedia article Novell laid off most of the AppArmor team in 2007:
I admit I don't know the specifics about this case, but it would make sense to me if the amount of developers needed at an early, more volatile stage would be greater than those needed at a later, more stable one. When it comes to software maintenance, I think the open-source community has time and time again proven that it can step up to the plate. I guess what I'm saying is that these layoffs might at first sound like Novell was losing interest in AppArmor, but it could instead be a case of them making necessary (and possibly expected) adjustments/improvement to their development model. Kinda reminds me of Linux itself. I believe Linus Torvalds is the only one who is actually on OSDL's Linux kernel development payroll, no? Or at least he's one of the very few, relative to the amount of people that contribute code.

Last edited by win32sux; 11-07-2008 at 12:26 AM.
 
Old 11-07-2008, 07:59 AM   #4
estabroo
Senior Member
 
Registered: Jun 2008
Distribution: debian, ubuntu, sidux
Posts: 1,126
Blog Entries: 2

Rep: Reputation: 124Reputation: 124
Since other distros like ubuntu are using AppArmor I'd bet that it's still in active development. SELinux and AppArmor are very similar, SELinux is more complex, comprehensive, and secure. However AppArmor is much easier to configure, use, and still adds a great deal of protection. The major difference is AppArmor uses paths to do its decision making which gives it an advantage for network filesystems like NFS, but has drawbacks in that you can compromise it by making a new path to the data, say by a hard link. For local filesystems you deal with that issue by making critical apps immutable.

Either is great and adds yet another layer of security, neither is a magic bullet that will solve all your security issues.
 
Old 11-07-2008, 09:15 AM   #5
MensaWater
LQ Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, CoreOS, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 7,831
Blog Entries: 15

Rep: Reputation: 1669Reputation: 1669Reputation: 1669Reputation: 1669Reputation: 1669Reputation: 1669Reputation: 1669Reputation: 1669Reputation: 1669Reputation: 1669Reputation: 1669
Quote:
Originally Posted by win32sux View Post
I admit I don't know the specifics about this case, but it would make sense to me if the amount of developers needed at an early, more volatile stage would be greater than those needed at a later, more stable one. When it comes to software maintenance, I think the open-source community has time and time again proven that it can step up to the plate. I guess what I'm saying is that these layoffs might at first sound like Novell was losing interest in AppArmor, but it could instead be a case of them making necessary (and possibly expected) adjustments/improvement to their development model. Kinda reminds me of Linux itself. I believe Linus Torvalds is the only one who is actually on OSDL's Linux kernel development payroll, no? Or at least he's one of the very few, relative to the amount of people that contribute code.
In fact in this article referenced in the original Wikipedia article it says among other things that:
1) The primary developer plans to continue working on AppArmor.
2) Novell intends to continue supporting and updatign AppArmor.
3) There is an AppArmor community and that may be why Novell decided they didn't need to pay an in house team.
http://news.cnet.com/8301-13580_3-97...g=2547-1_3-0-5

By the way the original Wikipedia article does discuss some of the differences between AppArmor and SELinux.
 
  


Reply

Tags
apparmor, selinux


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
AppArmor Error house0fdust Linux - Security 2 08-16-2007 11:47 AM
LXer: Novell's comparison of AppArmor and SELinux LXer Syndicated Linux News 0 07-03-2007 10:01 PM
apparmor and ubuntu??? mihalisla Linux - Newbie 2 09-12-2006 03:27 PM
AppArmor and SubDomain in 10.1 Perps SUSE / openSUSE 0 08-19-2006 03:29 AM
LXer: Novell's AppArmor challenges SELinux LXer Syndicated Linux News 0 02-24-2006 07:31 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 05:38 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration