Karl MacMillan wrote: >My private ssh keys need to be protected regardless >of the file name - it is the "bag of bits" that make it important not >the name.
I think you picked a bad example. That's a confidentiality policy. AppArmor can't make any guarantees about confidentiality. Neither can SELinux. If you give a malicious app the power to read your private ssh key, it's game over, dude. (Covert channels, wall banging, and all that.) So don't do that. >Similarly, you protect the integrity of the applications that >need name resolution by ensuring that the data that they read is high >integrity. You do that by controlling data not the file name used to >access the data. That is James point - a comprehensive mechanism like >SELinux allows you to comprehensively protect the integrity of data. I think this argument just misses the point. What you want isn't what AppArmor does. Fine. Nobody is forcing you to use AppArmor. But that doesn't mean AppArmor is useless. There may be people who want what AppArmor has to provide. It sounds like you want a comprehensive information flow control system. That's not what AppArmor provides. If I understand correctly, one thing AppArmor does provide is a way to confine untrusted legacy apps in a restricted jail. That can be useful in some scenarios. Consider, for instance, a web server where untrusted users can upload PHP scripts, and you're concerned that those PHP scripts might be malicious. Maybe you'd like to confine the PHP interpreter to limit what it can do. That might be a good application for something like AppArmor. You don't need comprehensive information flow control for that kind of use, and it would likely just get in the way. Those who want a information flow control system, will probably use SELinux or something like it. Those who want what AppArmor has to offer, might well use AppArmor. They solve different problems and have different tradeoffs. There is room for more than one security tool in the world. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
