[gentoo-hardened] apparmor to be supported?

[gentoo-hardened] apparmor to be supported?

[Marcel Meyer]

Hello,

I haven't found anything about apparmor inside the archives.

Has anybody here some experience with it? What are it's advantages or 
disadvantages compared to selinux,rsbac/grsecurity etc.?

Will it also be included into the hardened project?

Thanks,
Marcel


PS: I'd like to restrict many things on a program base (so not only allowing 
port 80 outgoing for everything but only for firefox and portage f.ex.). 
But since I'm not in a hurry and it is only for the desktop I'd like to 
habe a look into several alternatives and would prefer to choose the modest 
one finally ;-)

-- 
Marcel Meyer
| Netzwerk- und Rechnerorganisation
| Fachschaft Mathematik/Physik/Informatik
| Technische Universität München

-- 
gentoo-hardened@gentoo.org mailing list

Re: [gentoo-hardened] apparmor to be supported?

[Ned Ludd]

On Tue, 2006-01-31 at 13:08 +0100, Marcel Meyer wrote:
> Hello,
> 
> I haven't found anything about apparmor inside the archives.
> 
> Has anybody here some experience with it? What are it's advantages or 
> disadvantages compared to selinux,rsbac/grsecurity etc.?
> 
> Will it also be included into the hardened project?

probably not. We already have 3 MAC systems around. 

> 
> Thanks,
> Marcel
> 
> 
> PS: I'd like to restrict many things on a program base (so not only allowing 
> port 80 outgoing for everything but only for firefox and portage f.ex.). 
> But since I'm not in a hurry and it is only for the desktop I'd like to 
> habe a look into several alternatives and would prefer to choose the modest 
> one finally ;-)
> 
> -- 
> Marcel Meyer
> | Netzwerk- und Rechnerorganisation
> | Fachschaft Mathematik/Physik/Informatik
> | Technische Universität München
> 
-- 
Ned Ludd <solar@gentoo.org>
Gentoo Linux

-- 
gentoo-hardened@gentoo.org mailing list