On Thu, 07 May 2009 19:36:38 -0500, Rajko M. wrote:
On Thursday 07 May 2009 10:58:34 am Jim Henderson wrote:
Sure, but a comprehensive security policy would do both - do what is reasonable to prevent the app from being installed, but if the app does somehow get installed, prevent it from talking to the outside world.
In other words, multilayer security.
Precisely. :-)
The ZA is actually good example, although advertised as firewall, it is more like AppArmor and Firewall with friendly face.
It was long ago that I used it, but so far I recall, in last incarnation it was able to control any resource application is trying to use, including local, like libraries. Which is pretty much what AppArmor is meant to do.
That level was a pain to configure for applications that ZA wasn't preconfigured, which is specially problematic in closed source world.
So perhaps a good "solution" would be further enhancement and simplification of the AppArmor administrative interfaces with an eye towards making those interfaces usable for people who don't spend their lives in front of a computer. :-) Jim -- Jim Henderson Please keep on-topic replies on the list so everyone benefits -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org