The threat model seems a bit like fearmongering. Sure, if your container gets breached and attacker can (on some occasions) break out of it, it’s a big deal. But how likely that really is? And even if that would happen isn’t the data in the containers far more valuable than the base infrastructure under it on almost all cases?
I’m not arguing against SELinux/AppArmor comparison, SElinux can be more secure, assuming it’s configured properly, but there’s quite a few steps on hardening the system before that. And as others have mentioned, neither of those are really widely adopted and I’d argue that when you design your setup properly from the ground up you really don’t need neither, at least unless the breach happens from some obscure 0-day or other bug.
For the majority of data leaks and other breaches that’s almost never the reason. If your CRM or ecommerce software has a bug (or misconfiguration or a ton of other options) which allows dumping everyones data out of the database, SElinux wouldn’t save you.
Security is hard indeed, but that’s a bit odd corner to look at it from, and it doesn’t have anything to do with Debian or RHEL.
Are the default policies good though? There’s some collaboration between Fedora and Tumbleweed for SELinux policies, I imagine even more now since Tumbleweed plans to move to SELinux in the near future and derivatives like Aeon are already using SELinux.
The author is talking about the server use-case here but it’s not any better for desktops either. I think it boils down to the fact that neither of these operating systems are designed for a single-user world like Android (or any other modern mobile OS) and so these security solutions are shoehorned into a world where they don’t really fit into. Because those (server or desktop) programmes have different set of expectations about what’s available to them, than say, an Android app that knows that it has to ask for permission first.
Ok, aside from Android, I’ve yet to see any serious usage of SELinux in the real world and I’ve been working on cloud tech for years. Acknowledged issues such as complexity aside, it’s really just that much less relevant in a modern, single purpose environment such as Docker/kubernetes/cloud functions/etc
And it’s not. SELinux is much more secure, however much more complex. Although AppArmor also do the job, despite being easier to workaround it. But I don’t think this is a good argument against Debian.
unix.foo
Hot