Ever wanted to know about AppArmor and SELinux? Then this is your show!
Hosted by monochromec on 2021-03-25. This show is flagged as Explicit and is released under a CC-BY-SA license.
Tags: Linux Security Modules, DAC, MAC, AppArmor, SELinux, Plan 9.
This is Linux Inlaws, a series on free and open source software, black humour, the revolution and freedom in general (this includes ideas and software) and generally having fun.
In this episode our two aging heroes discuss the proper temperature to
drink beer at (spoiler: it's not 20 degrees as CAMRA would make you believe)
and the ins and outs of basic and enhanced security on our beloved operating
system. If you ever wanted to know more about Linux Security Modules, AppArmor
and SELinux and how dames of negotiable affections relate to these concepts,
this show is for you.
Comment #1 posted on 2021-03-25T16:06:25Z by nobody
Other MAC implementations
In the episode you weren't quite sure if there are other MACs for Linux besides SELinux and AppArmor and indeed, there are!
There is Smack, which is quite uninteresting as it's just another label-based MAC, similar to SELinux.
To me the interesting one is TOMOYO, which started as a pathname-based filesystem similar to AppArmor but later started differentiating between applications based on their process invocation history. This means you can apply different policies on, say, /bin/sh depending on the chain of execution leading to it (kernel -> init -> getty -> login -> sh vs. kernel -> init -> sshd -> sh). While this is also possible in AppArmor, it is quite a lot more manual work and more difficult to reason about.
TOMOYO also has much nicer tools than either of the more well-known MACs. SELinux has given MAC a bad name as being hard and laborious to manage. If people were first introduced to TOMOYO instead of SELinux, they would probably be much more inclined to implement a MAC.
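The invocation-history idea described in the comment, as an added Python model (not part of the comment and not TOMOYO's own code or policy format): a process's domain is the chain of programs executed to reach it, so the same /bin/sh lands in two different domains. The trace, the full pathnames and the /etc/motd grants are constructed for illustration.

```python
KERNEL = "<kernel>"

# Constructed trace: ("fork", parent_pid, child_pid) or ("exec", pid, pathname).
TRACE = [
    ("exec", 1, "/sbin/init"),
    ("fork", 1, 10), ("exec", 10, "/sbin/getty"),
    ("exec", 10, "/bin/login"), ("exec", 10, "/bin/sh"),
    ("fork", 1, 20), ("exec", 20, "/usr/sbin/sshd"),
    ("fork", 20, 21), ("exec", 21, "/bin/sh"),
]

def domains_from_trace(trace):
    """Map each pid to its domain: fork inherits it, exec appends the pathname."""
    domains = {1: KERNEL}
    for event, a, b in trace:
        if event == "fork":
            domains[b] = domains[a]            # child starts in the parent's domain
        elif event == "exec":
            domains[a] = f"{domains[a]} {b}"   # history grows with every exec
        else:
            raise ValueError(f"unknown event {event!r}")
    return domains

# Constructed policy keyed by the whole history, not by the final binary.
POLICY = {
    "<kernel> /sbin/init /sbin/getty /bin/login /bin/sh":
        {("read", "/etc/motd"), ("write", "/etc/motd")},
    "<kernel> /sbin/init /usr/sbin/sshd /bin/sh":
        {("read", "/etc/motd")},
}

def allowed(domain, op, path):
    """Default deny: a domain with no entry, or an unlisted access, is refused."""
    return (op, path) in POLICY.get(domain, set())

def last_program(domain):
    """What a policy keyed on the binary path alone would see."""
    return domain.split(" ")[-1]

if __name__ == "__main__":
    doms = domains_from_trace(TRACE)
    for pid in (10, 21):
        verdict = "allow" if allowed(doms[pid], "write", "/etc/motd") else "deny"
        print(f"pid {pid}: {doms[pid]!r} write /etc/motd -> {verdict}")
```

Both shells resolve to the same final program, so a lookup on `last_program()` alone could not tell the console login from the sshd session; the full domain string can.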