Ubuntu – Is it a bad idea to run SELinux and AppArmor at the same time

apparmor, permissions, security

My corporate policy says that Linux boxes must be secured with SELinux (so that a security auditor can check the 'yes, we're extremely secure!' checkbox for each server). I had hoped to take advantage of Ubuntu's awesome default AppArmor security. Is it unwise to run both AppArmor and SELinux? (If so, can this bad idea be mitigated with some AppArmor and/or SELinux tweaks?)

Best Answer

The Linux kernel provides the Linux Security Module interface, of which SELinux and AppArmor are both implementations. (Others include TOMOYO, Smack, ...) This interface is designed currently to only allow a single LSM to be operational at a time. There is no way to run two simultaneously, so you must choose one. There has been discussion from time to time about how to "stack" multiple LSMs, but this has not been done yet.
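A way to check which of the two modules the question asks about is actually active on a host, and whether SELinux is enforcing, as an added example that is not part of the original answer. The `root` argument is a hypothetical parameter for pointing the check at a constructed directory tree; the paths are the standard securityfs, selinuxfs and AppArmor module-parameter locations.

```shell
#!/bin/sh
# Added example: report whether SELinux or AppArmor is the active LSM.
# "root" is a hypothetical prefix (empty = live system) so the check can
# also be run against a copied or constructed /sys tree.

active_major_lsm() {
    root="${1:-}"
    lsm_file="$root/sys/kernel/security/lsm"
    found=""
    if [ -r "$lsm_file" ]; then
        # One comma-separated line of initialised modules. It also lists
        # small built-in modules such as "capability"; only the two the
        # question asks about are matched here.
        for name in $(tr ',' ' ' < "$lsm_file"); do
            case "$name" in
                selinux|apparmor) found="${found:+$found,}$name" ;;
            esac
        done
    else
        # Fallback when securityfs is not mounted.
        if [ -e "$root/sys/fs/selinux/enforce" ]; then
            found="selinux"
        fi
        if [ "$(cat "$root/sys/module/apparmor/parameters/enabled" 2>/dev/null)" = "Y" ]; then
            found="${found:+$found,}apparmor"
        fi
    fi
    echo "${found:-none}"
}

# An auditor's "SELinux is on" checkbox should distinguish enforcing from
# permissive: in permissive mode denials are only logged.
selinux_mode() {
    root="${1:-}"
    case "$(cat "$root/sys/fs/selinux/enforce" 2>/dev/null)" in
        1) echo enforcing ;;
        0) echo permissive ;;
        *) echo disabled ;;
    esac
}

echo "active: $(active_major_lsm "${1:-}")  selinux: $(selinux_mode "${1:-}")"
```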
