SELinux resources
Novell recently cranked up their marketing machine for AppArmour, claiming its technical design provides for greater ease of administration, development & customization than found with SELinux. While AppArmour FAQ admits that SELinux’s model of file security labels is superior to their own path based control, it makes the dubious assertion that a labelled security model is harder to administer. While it is true that the tools for SELinux did not previously provide an easy way to change the specs for file labels, as I previously discussed the introduction of the semanage
tool in Fedora Core 5 has changed all that. It is now trival to update file security label definitions. So at this time any problem with SELinux is not one of design or implementation, but rather documentation & awareness of the progress made in SELinux development over the past 2 years or so. To that end here are a selection of useful documentation resources