AppArmor and lp16.x

Hey, I have put quite some time into creating / fumbling together some AppArmor profiles, thus I will stick to it.

Isn’t the path-based approach of AppArmor just perfect to isolate server processes? Isn’t the main concern that a security breach could allow access to sensitive data outside a service process, or allow modifying data or executing binaries not meant to be accessed? This is just the strength of AppArmor.

What is the question (this being the asking for technical help part of the forums)?

@topper:

You may well have a valid point – yes, AppArmor is easier to configure – SELinux is granular and has mandatory access control.

There’s quite a bit of material on “the Net” around these issues – a few examples are –
<Core Differences Between SELinux and AppArmor>
<Comparing SELinux and AppArmor:>
<AppArmor vs SELinux:>

The main point made seems to be –

  • Depends on your Use Case.

Despite all the discussion around this issue, AFAICS there seems to be a general move to SELinux.

And, consider the numerically largest number of Linux systems on this planet – mobile telephones which are executing the Google Android operating system.

  • Google Android moved to SELinux with version 4.3 – in the year 2013 … :smiling_imp:
    « More than a decade ago … »

Will AA be kept in openSUSE Leap, or will it become obsolete at some point?
Will the user programs of AA that are not part of the kernel continue to be maintained?
Thanks


Well, it is available in Leap 16.0.

As a “normal” openSUSE user I am not clairvoyant and cannot look into the future.
