Why is AppArmor not enabled?

GrapheneOS / linux-hardened

Minimal supplement to upstream Kernel Self Protection Project changes. Features already provided by SELinux + Yama and archs other than multiarch arm64 / x86_64 aren't in scope. Only tags have stable history. Shared IRC channel with KSPP: irc.freenode.net ##linux-hardened. Currently maintained at https://github.com/anthraxx/linux-hardened.

https://grapheneos.org/

Other

390 stars 102 forks source link

Why is AppArmor not enabled? #67

Closed francoism90 closed 6 years ago

francoism90 commented 6 years ago

SELinux is, why not also enable AppArmor? :)

thestinger commented 6 years ago

This project doesn't enable or disable either AppArmor or SELinux. It's not something decided here.

It is true that linux-hardened will be developed solely with usage alongside a full system SELinux policy in mind. It won't be including features that can be implemented via SELinux policy so unfortunately you'll be missing out on many important security features without it.