App Armor vs SELinux vs .... The ultimate battle.

S. Dale Morrey sdalemorrey at
Thu Feb 6 21:34:17 MST 2014

Alright, my flame proof suit has just arrived from think geek and I think
it's time we had a good old fashioned debate like in the old days.  We
haven't had a really debatable topic in a long time and I'm not trying to
bait anyone here but here are my thoughts...

I've been moaning about SELinux in a few threads for a couple of years.
Someone mentioned AppArmor as an alternative.

Ya know what? I've had app armor on many of my boxes since back in my days
running SuSE something or other where I saw it for the first time.

Never questioned it because it didn't get in the way and I figured it was
some sort of system daemon that I probably ought not bother with.

So is App Armor really an alternative to SELinux?  If so, kudos to the devs
it stays the heck out my way well enough that I've never even bothered to
look it up to see what it does.

Are there any other alternatives?

What are the strengths and weaknesses of each?  Other than being "what my
distro shipped with and or familiarity"  What would be the advantages or
disadvantages of each?

More information about the PLUG mailing list