Comparison Between AppArmor and Selinux
These security systems provide tools to isolate applications from each other... and in turn isolate an attacker from the rest of the system when an application is compromised.
SELinux rule sets are incredibly complex, but with this complexity you have more control over how processes are isolated. Generating these policies can be automated. A strike against this security system is that it's very difficult to independently verify.
AppArmor (and SMACK) is very straightforward. The profiles can be hand written by humans, or generated using aa-logprof. AppArmor uses path based control, making the system more transparent so it can be independently verified.
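As an added illustration of the reviewability point above (example code, not from the thread or from the AppArmor project): a small Python check that parses the file rules of a constructed AppArmor profile and flags the allow-rules a reviewer would look at first. The sample profile, the rule names and the findings categories are assumptions, and the parser handles only simple one-line file rules.

```python
import re

# Constructed sample profile for illustration; simplified AppArmor syntax,
# not taken from the thread or from any shipped distribution profile.
SAMPLE_PROFILE = """
#include <tunables/global>
/usr/bin/example flags=(complain) {
  #include <abstractions/base>
  network inet stream,
  capability net_bind_service,
  /etc/example/** r,
  /var/lib/example/** rw,
  /usr/lib/example/helper ix,
  /usr/bin/env Ux,
  /tmp/** rw,
  deny /etc/shadow r,
}
"""

# One file rule per line: optional "deny", an absolute path (globs allowed),
# then an AppArmor permission string such as r, rw, ix or Ux.
FILE_RULE = re.compile(r"^(?:(?P<deny>deny)\s+)?(?P<path>/\S+)\s+(?P<perms>[a-zA-Z]+),$")

def parse_file_rules(profile_text):
    """Return (path, perms, is_deny) for every file rule in the profile body."""
    rules = []
    for raw in profile_text.splitlines():
        m = FILE_RULE.match(raw.strip())
        if m:
            rules.append((m.group("path"), m.group("perms"), m.group("deny") is not None))
    return rules

def review(profile_text):
    """Flag allow-rules worth a second look: write access under a glob (the rule
    covers files the author may not have considered) and execute transitions
    that leave confinement (ux/Ux, including the pux/Pux fallback forms)."""
    findings = []
    for path, perms, is_deny in parse_file_rules(profile_text):
        if is_deny:
            continue  # deny rules only narrow access; nothing to flag
        if "*" in path and ("w" in perms or "a" in perms):
            findings.append((path, "broad write"))
        if "ux" in perms.lower():
            findings.append((path, "unconfined exec"))
    return findings

if __name__ == "__main__":
    for path, reason in review(SAMPLE_PROFILE):
        print(f"{reason:16} {path}")
```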
The insanitybit link is to my website. I'd just like to justify my opinion on here :)
If you look at SELinux and Apparmor, they are both strong and weak in the same ways. SELinux is "stronger" in that it can get even more finely grained access to files, but what does that gain an attacker over being in an apparmor profile? You're already significantly restricted in an apparmor profile. So, do you truly gain much more with SELinux?
What you do gain with SELinux (especially for policy creation, much moreso than auditing - though audit-to-allow is painful too) is added complexity. A lot of it.
The path of least resistance in a Linux sandbox, such as SELinux or Apparmor, is the kernel. SELinux does nothing more than Apparmor to secure the kernel.
So if an attacker wants to go the stupid route of going for design issues in Apparmor/SELinux, SELinux is potentially more secure - but that assumes the profiles are built well, and, since SELinux is so complex, we've actually seen vulnerabilities introduced with it.
If an attacker is smart they'll go for the kernel, bypassing both.
So they are both weak in the same ways, both strong in every way that matters, and one of them is MUCH simpler.
Voila.
The butterknife metaphor doesn't work, that should be obvious.
AppArmor is more secure through its simplicity, which makes it easier to review and validate policies. Mistakes are less likely to be made, easier to spot, and a backdoor attempt is harder to disguise.