Cliffe wrote: > Just a thought: > Do security modules such as selinux and apparmor currently stack > correctly? SELinux and AppArmor do not stack together. I have seen some other modules implement stacking, but usually where the functionality of the modules is complementary.
> If not, do you think that this may be partially responsible for the > friction between the two camps? No, I do not believe that this has anything to do with the friction. There is no point to stacking AppArmor and SELinux together. AppArmor and SELinux are different approaches to substantially similar goals. Stacking the two of them together would give you the worst of both worlds. The friction is a natural product of competition. You see similar competition between GNOME and KDE, between Linux and *BSD, between the various *BSD camps, and so forth. In all these cases, somewhat different design goals resulted in substantially different implementations, producing wildly divergent opinions on which system is "best". Which is silly, because in each case, the "best" system to use is the one that meets *your* specific needs. SELinux and AppArmor cannot share a running kernel, but they can share a distro. Ubuntu Feisty Fawn supports both SELinux and AppArmor. Just like GNOME vs. KDE, you can choose to install either. With some work, you could probably even install both, and decide at boot time which one to run, give or take accidentally dropping the security labels that SELinux depends on when running the non-SELinux system. Crispin -- Crispin Cowan, Ph.D. http://crispincowan.com/~crispin/ Director of Software Engineering http://novell.com - To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
