LSM Tools – AppArmor vs. SELinux and Their Key Differences - Part 4/7
If securing systems is a fortress, understanding the security models and frameworks is knowing who holds the keys and who defines the blueprints. You should know the LSM isn't just a framework; it's extensible via modules like AppArmor and SELinux, each offering unique approaches to Mandatory Access Control (MAC) security approach. But first of all, what's the functionality of this called "MAC"? The Foundation: DAC vs. MAC Traditional UNIX systems rely heavily on Discretionary Access Control (DAC) . Under DAC, access hinges on user permissions (owner, group, other) coupled with corresponding permissions (read, write, execute). The inherent challenge with DAC is its name: access control is discretionary, meaning the secure state of the system relies heavily on the behavior and judgment of the users. So, users have the ability or discretion to modify permissions on their files, for instance, by running chmod via Linux Terminal. However, securing a...
