Originally Posted by archolman
Having said that, if Apparmor & SELinux came with a comprehensive GUI, I would be using one of those.
You obviously have not tried Fedora 14, as it comes with SELinux enabled and as comprehensive a GUI as you would want.
The gui tools notify you of alerts and as a part of the alert they (usually) include the necessary steps to resolve the problem. Sometimes at the click of a button, sometimes running a command.
On my F14 desktop I have not had to do anything with selinux configuration, it works out of the box.
You will get alerts if you do something unexpected (such as install an application from source code or run a service on a non-standard port), but the graphical tools will walk you through the fix most of the time.
In addition to the alerts, there are graphical tools to modify the selinux policies, if you feel you need to. Typically this would be setting a Boolean allowing you to serve a file or directory samba or nfs share through apache. Something like that would be unusual but you can make the necessary modifications via the graphical interface.
The advantage of Fedora 14 is that:
1. There are working policies out of the box.
2. The policies are quite mature and most users do not need to modify them.
3. When there is a problem you can almost always manage it from the graphical tools.
For Apparmor, on Ubuntu, simply install the apparmor profiles:
Code:
sudo apt-get install apparmor-profiles
There is already a profile for firefox and it works for most people without further intervention.
Unfortunately there are insufficient graphical tools to manage apparmor in Ubuntu.
The advantage of apparmor is that it is faster to learn.
The disadvantages are that:
1. The profiles are less mature than selinux (or lacking), meaning users need to spend time modifying or writing policies.
2. There is a lack of graphical tools to manage apparmor.