Linked by Thom Holwerda on Fri 12th May 2006 20:21 UTC, submitted by anonymous
Linux "SELinux, the US National Security Agency's implementation of mandatory access control, is the most prominent new security subsystem in Linux. It comes installed by default in Fedora and Red Hat Enterprise Linux and is available in easy-to-install packages in other distributions. This article shows you how to convert a non-SELinux system by hand in order to expose details about how SELinux is integrated into a system."
Thread beginning with comment 124215
To view parent comment, click here.
To read all comments associated with this story, please click here.
grat
Member since:
2006-02-02

You mean like:

http://www.novell.com/products/apparmor

it uses the same Linux kernel hooks, but is designed less for national security, and more for "regular folks". Novell has made the code open-source.

And as for the NSA, they're paid spies. Consider instead who told them to spy on your own self.

Reply Parent Score: 3

hustomte Member since:
2006-01-07

AppArmor, and other path-based frameworks, have severe limitations though.

Instead of repeating arguments, this thorough explains the issues quite well:
http://securityblog.org/brindle/2006/04/19/security-anti-pattern-pa...

Main issues with apparmor?
I'd say reliance on DAC to complement the MAC part and inherent ambiguity for file paths.

Reply Parent Score: 1