Which LSM do you use with gentoo ?

[pietinger]

... and what are your experiences with it?


I am not interested in YAMA or Kernel Lockdown, but only in the MAC modules: SELinux, AppArmor, Smack or Tomoyo.

I've looked at these 4 and want to write an installation guide for beginners.

The installation of these 4 modules is very easy. So the main problem is the profiles.

I have the following requirements:

1. Little effort! Even if Tomoyo's learning mode is very interesting, the effort is too high. Preset profiles are easier to copy.
2. I want to understand my system and understand what is happening in the profiles.

Therefore I believe (= not knowing) that only AppArmor or Smack are suitable.

I would be very happy if you also write which profiles you are using and how you created them.


Have a good time,
Peter