I am going through some primers on LSM implementations so eventually I am digging a bit into
AppArmor and SELinux.
I am aware of this discussion but this does not make very clear one question I am having in regard to these two LSM implementations:
Is it a fact that:
- SELinux must be applied system-wide (thus the auto-relabeling process on first boot which takes as much time as a filesystem scan)
- AppArmor provides the flexibility to define policies only on those processes / scripts you d' like? - via the interactive auditing process)
(?)
Asked by pkaramol
(3109 rep)
Oct 14, 2018, 07:19 AM
Last activity: Oct 14, 2018, 11:47 AM
Last activity: Oct 14, 2018, 11:47 AM