|
|
|
|
|
|
by zozbot234
1515 days ago
|
|
|
> AppArmour assumes everything is allowed unless it is explicitly denied by policy No, AppArmor uses a whitelist approach as well for its profiles. "Deny" rules are used in exceptional cases. > SELinux also supports interesting things like applying security levels and contexts to data, so you can have data that is only accessible to appropriatly cleared users in one department but not to people with similar clearances in other departments. AppArmor has subprofiles and variables that can be used for this approach. |
|
|