Talk:AppArmor

From Wikipedia, the free encyclopedia
Jump to: navigation, search
WikiProject Software / Computing  (Rated Start-class, Low-importance)
WikiProject icon This article is within the scope of WikiProject Software, a collaborative effort to improve the coverage of software on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.
Start-Class article Start  This article has been rated as Start-Class on the project's quality scale.
 Low  This article has been rated as Low-importance on the project's importance scale.
Taskforce icon
This article is supported by WikiProject Computing.
 
WikiProject Linux (Rated Start-class, Low-importance)
WikiProject icon This article is within the scope of WikiProject Linux, a collaborative effort to improve the coverage of Linux on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.
Start-Class article Start  This article has been rated as Start-Class on the project's quality scale.
 Low  This article has been rated as Low-importance on the project's importance scale.
 

NPOV?[edit]

I do not believe this section and its companion in Security-Enhanced_Linux represent a neutral point of view, but instead both appear to be written to promote the view that SELinux's object-based model is preferable to AppArmor's path-based model. Furthermore, I do not see what this discussion contributes in terms of information to either article. I would suggest simply deleting the "Criticism" section and simply have each article mention that an alternative approach exists. (See Talk:Security-Enhanced_Linux for additional discussion.)

Jcarnelian 23:53, 4 May 2007 (UTC)

I wrote the criticism section of this page, and I am the main AppArmor architect. I did it to provide balance, so the Criticism section is pretty much an unquestioning summary of what I have seen critics say about AppArmor. Ideally, I would like an actual critic of AppArmor to revise the Criticism section. My view of fair debate would be to let any factually correct text in Criticism stand, and rebutt it elsewhere.

Similarly, I would hope that the SELinux people would let stand factually valid criticisms in the Criticism section of their entry.

Crispincowan 19:00, 6 June 2007 (UTC)

OK, I tried rewriting the Criticism section from a NPOV. What do you think?

Jcarnelian 11:46, 15 July 2007 (UTC)

Best Approach Debate[edit]

I think the part this part is false, since unix and linux employ only inode-based and never path-based access control (apparmor is a path-based attempt): "While there has been considerable debate about which approach is better, there is as yet no strong evidence that either approach is preferable. Discussion about their relative merits often revolves around which approach is more aligned with existing UNIX/Linux access control mechanisms, but UNIX and Linux use a combination of path-based and inode-based access control"

Hard to imagine what the "evidence" would be apart from pointing out the conceptual incompatibility of apparmor vs unix filesystems which ultimately makes apparmor unsound. this has been done numerous times on mailing lists...

Reference 7 is erroneously attributed to "James Corbet" - should be "Jonathan Corbet" http://en.wikipedia.org/wiki/Jonathan_Corbet

^ James Corbet (2010-10-20). "The 2.6.36 kernel is out". http://lwn.net/Articles/409810. —Preceding unsigned comment added by 216.191.234.70 (talk) 19:32, 7 March 2011 (UTC)

- anonymous coward  —Preceding unsigned comment added by 80.75.107.201 (talk) 05:20, 22 October 2009 (UTC) 

"Conceptual incompatibility with the UNIX file system"? Who cares? What matters is what actually needs to be protected. For example, the specific inode associated with /etc/passwd is irrelevant; whatever is at that path is used as the password file. The fact that UNIX path-based protections are so limited right now is all the more reason to add path-based protection mechanisms, because most UNIX programs actually already make security-related assumptions based on path, not inode. Jcarnelian (talk) 02:28, 21 April 2011 (UTC)

Out of Date Remark[edit]

The "Out of Date" box was introduced by the following revision:

16:45, 30 October 2010 99.231.218.239 (8,376 bytes) (out of date - no info about canonical/launchpad, the lede makes the project sound dead (it isn't))

Added reference to canonical's work. Updated stable release info. Guess this issue is fixed. --188.98.126.254 (talk) 11:42, 20 September 2011 (UTC)

Screenshot[edit]

Does AppArmor come with a UI that could be shown in a screenshot? Regards, [IP] — Preceding unsigned comment added by 94.217.250.203 (talk) 15:31, 24 November 2011 (UTC)

No, each distribution has its own AppArmor configuration GUI (or none at all). --79.214.137.231 (talk) 13:45, 24 October 2012 (UTC)