Awesome. I might have to pick up one of those shirts. So digging into this a bit further, it looks like SELinux is a much more active project than AppArmor: https://github.com/SELinuxProject/selinux The NSA still appears to be the primary coordinator.
Whereas in AppArmor Land: http://wiki.apparmor.net/index.php/Gittutorial http://kernel.ubuntu.com/git/?q=apparmor https://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor.git/ https://bugs.launchpad.net/ubuntu/+source/apparmor/+bugs https://www.cnet.com/news/novell-lays-off-apparmor-programmers/ I really am confused by how AppArmor is developed now. John seems to be the main (only?) developer on that project? It is really hard to get real transparency on "what's going on with these packages". I thought google and some other big companies launched a fund critical infrastructure initiative after Heartbleed happened. It would be really nice to get a dashboard or some kind of bulletin site up that better tracks these kinds of packages. I could also use a usecase for tracking systemd vs upstart etc, so who knows. On Thu, Mar 23, 2017 at 9:53 AM, Kent Perrier <[email protected]> wrote: > https://stopdisablingselinux.com/ :D > > I can only speak to RHEL, but selinux had gotten a lot easier to set up > with RHEL/CentOS 7. Something gets stepped on by SELinux? Look at > /var/log/messages. It pretty much gives you the command to run to allow it > to work. > > On Thu, Mar 23, 2017 at 11:39 AM, andrew mcelroy <[email protected]> > wrote: > >> So to further expand this conversation: >> https://www.cnet.com/news/novell-lays-off-apparmor-programmers/ >> http://wiki.apparmor.net/index.php/Gittutorial >> >> https://security.stackexchange.com/questions/29378/ >> comparison-between-apparmor-and-selinux >> >> grsecurity seems to have fallen out of visibility. >> >> >> >> >> On Thu, Mar 23, 2017 at 9:23 AM, Howard White <[email protected]> wrote: >> >>> A worthy discussion, indeed. >>> >>> I get [ bemused | frustrated ] by the "happy talk how-tos in which the >>> first instruction is kill off SELinux. Is SELinux a pain? Yes. Can it be >>> made to work? Yes. Is it effective? I have NO idea... >>> >>> Howard >>> >>> >>> On 03/23/2017 11:11 AM, andrew mcelroy wrote: >>> >>>> Greetings NLUG, >>>> >>>> A recent debate that I am currently having is revolving around using SE >>>> Linux in an hardened environment. If anyone on this list deals with >>>> Government/Military/ Security Critical systems, I have a question. >>>> >>>> How wide spread is SELinux or has AppArmor won the day? >>>> What are your current best practice guides/resources for hardening a >>>> Linux server. >>>> >>>> Thanks. >>>> >>>> Respectfully, >>>> Andrew McElroy >>>> >>>> -- >>>> -- >>>> You received this message because you are subscribed to the Google >>>> Groups "NLUG" group. >>>> To post to this group, send email to [email protected] >>>> To unsubscribe from this group, send email to >>>> [email protected] >>>> For more options, visit this group at >>>> http://groups.google.com/group/nlug-talk?hl=en >>>> >>>> --- >>>> You received this message because you are subscribed to the Google >>>> Groups "NLUG" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to [email protected] >>>> <mailto:[email protected]>. >>>> For more options, visit https://groups.google.com/d/optout. >>>> >>> >>> -- >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "NLUG" group. >>> To post to this group, send email to [email protected] >>> To unsubscribe from this group, send email to >>> [email protected] >>> For more options, visit this group at http://groups.google.com/group >>> /nlug-talk?hl=en >>> >>> --- You received this message because you are subscribed to the Google >>> Groups "NLUG" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> For more options, visit https://groups.google.com/d/optout. >>> >> >> -- >> -- >> You received this message because you are subscribed to the Google Groups >> "NLUG" group. >> To post to this group, send email to [email protected] >> To unsubscribe from this group, send email to >> [email protected] >> For more options, visit this group at http://groups.google.com/group >> /nlug-talk?hl=en >> >> --- >> You received this message because you are subscribed to the Google Groups >> "NLUG" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> For more options, visit https://groups.google.com/d/optout. >> > > -- > -- > You received this message because you are subscribed to the Google Groups > "NLUG" group. > To post to this group, send email to [email protected] > To unsubscribe from this group, send email to nlug-talk+unsubscribe@ > googlegroups.com > For more options, visit this group at http://groups.google.com/ > group/nlug-talk?hl=en > > --- > You received this message because you are subscribed to the Google Groups > "NLUG" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. > -- -- You received this message because you are subscribed to the Google Groups "NLUG" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/nlug-talk?hl=en --- You received this message because you are subscribed to the Google Groups "NLUG" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
