Re: recommends for apparmor in newest linux-image-4.13

[Theodore Ts'o <tytso@mit.edu>]

On Wed, Nov 29, 2017 at 11:51:55AM -0800, Russ Allbery wrote:
> Michael Stone <mstone@debian.org> writes:
> > On Tue, Nov 28, 2017 at 08:22:50PM -0800, Russ Allbery wrote:
> 
> >> Ubuntu has successfully shipped with AppArmor enabled.
> 
> > For all the packages in debian? Cool! That will save a lot of work.
> 
> Yes?  I mean, most of them don't have rules, so it doesn't do anything,
> but that's how we start.  But indeed, Ubuntu has already done a ton of
> work here, so it *does* save us quite a bit of work.

The fact that AppArmor doesn't do anything if it doesn't have any
rules is why we have a chance of enabling it by default.  The problem
with SELinux is that it's "secure" by the security-weenies' definition
of secure --- that is, if there isn't provision made for a particular
application, with SELinux that application is secure the way a
computer with thermite applied to the hard drive is secure --- it
simply doesn't work.

Every few years, I've tried turning on SELinux on my development
laptop.  After it completely fails and trying to make it work just
work for the subset of application that I care about, I give up and
turn it off again.  Having some kind of LSM enabled is, as far as I am
concerned, better than nothing.

(And I speak as someone who chaired the IP Security working group at
the IETF, and was the technical lead for the MIT Kerberos V5 effort.
If admitting that I'm too dumb or don't have enough patience to figure
out how to make SELinux work on my development laptop means that
someone is going to revoke my security-weenies' union card, I'm happy
to turn it in....)

						- Ted