March 14th, 2009

Selinux on the job.

Is there a more up to date list of the number of vulnerabilities that SELinux (if enabled) has confirmed or even potentially  would have mitigated than provided by tresys in the Mitigation News feed?

I know Dan Walsh has blogged about some of these items from time to time, but I was wondering if there was a more comprehensive listing of the vulnerabilities that SELinux could be impacting when enabled out of the box on Fedora or RHEL..and more importantly which vulnerabilities targeted policy isn't catching by default because of default booleans as a tradeoff between security and end-user usability. 

And on that note... anyone know if there's something similar done for AppArmor configurations for distributions who enable AppArmor by default?