[Chugalug] selinux vs apparmor

Robert A. Kelly III bluethegrappler at gmail.com
Tue Aug 13 23:01:57 UTC 2013


On 07/28/2013 03:46 PM, Rod-Lists wrote:
> anyone tried both? are they equivalent? Both are available on debian.

I don't have much experience here, but they are similar (both provide
mandatory access control via a Linux Security Module), but with somewhat
different approaches (SELinux uses labels while AppArmor uses paths).
Some claim AppArmor is easier to use and administer. I guess AppArmor
would be the way to go if you are concerned about the NSA conspiracy
theories (SELinux was developed by the NSA and I saw some claims
recently that it's counterpart, SE for Android, was being used by the
NSA to bug all Android cell phone calls), but I don't really buy into
that. It's not that I don't believe the NSA is engaged in broad and
invasive surveillance and spying (I do), but I don't believe SELinux or
SE for Android are being used as tools to that end. I have not used
either on Debian, although I have been thinking about it. Perhaps
someone else has some real experience to share.



More information about the Chugalug mailing list