No more selinux-policy-*-sources
Dennis Jacobfeuerborn
d.jacobfeuerborn at conversis.de
Tue Mar 14 14:33:41 UTC 2006
Jeff Spaleta wrote:
> On 3/14/06, Dennis Jacobfeuerborn <d.jacobfeuerborn at conversis.de> wrote:
>> I've taken a look at AppArmor and it looks like a much more incremental
>> and easier to use solution than selinux. It's not as powerful but all this
>> power doesn't help much if most people will turn off selinux anyway because
>> it gets in the way. Has anyone heard of any efforts trying to port it over
>> to Fedora?
>
> My understanding is that it still requires kernel patches which are
> not in the mainline kernel yet. If you want to use it.. you'll have to
> use a patched kernel. Snowball's chance in hell the Fedora kernels are
> going to include apparmor specific patches that should be going into
> mainline kernel for everyone to use. You want to see it ported and
> see it available in Fedora Extras... then go chew the novell
> developers ears off about getting the required kernel patches into the
> mainline kernel. Please go read up in the lkml archives about
> Immunix's SubDomain (newly renamed as Novell AppArmor) to gain insight
> on where in the process things are to get Immunix's..err i mean
> Novell's kernel patches into the mainline kernel.
Maybe I should have chosen my wording more carefully. When I said "port it
over to Fedora" I meant to ask if someone is providing the necessary
packages to run AppArmor on Fedora. It looks like an interesting technology
to me but to determine if it's really useful I'd first have to actually
test it and such packages would help doing that. I'm very aware that any
sort of official inclusion into Fedora is quite unlikely even in the
midterm future.
Regards,
Dennis
More information about the fedora-devel-list
mailing list