Government Computer News
Users of SELinux now have a choice on security
And it’s causing a rift in the open-source community
The release of a new open-source security package has sparked debate over how many Mandatory Access Control applications Linux really needs, and if more than one would just dilute volunteer efforts.
Digg
De.licio.us
Slashdot
Technorati
Novell Inc. of Provo, Utah, recently released the source code for its recently acquired Linux security application, AppArmor. It also set up a project site in hopes of attracting outside developers to further refine the program.
MAC software tackles the growing problem of applications executing malicious tasks on their host systems. It keeps profiles of routine actions that each application on a computer usually takes. When a program starts behaving in an unusual fashion, the MAC software can call on the operating system to halt that errant operation.
Novell has stressed that AppArmor is easier to use than SELinux, another MAC program first developed by the National Security Agency. Novell admits that SELinux tackles mandatory access control with more rigor than AppArmor, but questions if most users really need that degree of protection.
“There needs to be a better way to deploy [MAC] so that the average systems administrator doesn’t need to go through three weeks of training,” said Frank Rego, products manager for Novell.
Some observers fear that the AppArmor project will fracture the open-source development community around the demanding science of MAC. SELinux has a vibrant user community, with input from companies such as Red Hat Inc. of Raleigh, N.C., Mitre Corp. of Bedford, Mass., and Tresys Technology LLC of Columbia, Md., as well as support from NSA itself.
“In my opinion, Novell wants to split the market,” said Dan Walsh, the principal software engineer of Red Hat. Both Red Hat and Novell offer enterprise-class Linux distributions. “Rather than working with the open-source community [on SELinux], Novell has thrown out its own competing version.”
Novell acquired AppArmor last May when it purchased Immunix Inc. The chief component of AppArmor is a module that must be added to the Linux kernel. Those who don’t want to recompile the kernel can install Novell’s SuSE Linux 10 desktop Linux distribution, as well as SuSE Linux Enterprise Server 9 Service Pack 3, both of which have AppArmor preinstalled.
| |||
| Latest News |  WashingtonTechnology.com |
FCW.com |
|
GCN.com
The latest technology news from GCN.com
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
 |
![1105 Government Information Group [valor]](/images/1105logo_website.gif "Government Computer News [valor]")
© 1996-2008 1105 Media, Inc. All Rights Reserved.
