Comment 6 for bug 236510

Derek Simkowiak (ubuntu-cool-st) wrote :

The quote from Falko Timme that was referenced earlier is this:

Falko Timme> "In my opinion you don't need it [AppArmor] to configure a secure system, and it usually causes more problems than advantages (think of it after you have done a week of trouble-shooting because some service wasn't working as expected, and then you find out that everything was ok, only AppArmor was causing the problem)."

I'm a sysadmin and I agree with him 100%.

To Juergen, who said "Ah, come on, it's not that hard to configure apparmor...", I'd like to point out that your post suggests that all Ubuntu Server users should be forced to fully understand all of:

sys_chroot
aa-logprof
/etc/apparmor.d/usr.sbin.named
aa-complain
aa-enforce
/etc/apparmor.d/force-complain (and the "enforce flag")

As a sysadmin who actually has to meet production schedules, if I'm given the two options:

a) Learn some big, complicated security system that some dude at Canonical thinks is really great
-vs-
b) /etc/init.d/apparmor stop

...which do you think I'll choose?

I also find it ironic that AppArmor -- a supposed security layer -- is preventing him from running bind in a chroot, which is a long-established security practice.