AppArmour is usually thought to be simpler than SELinux. SELinux is quite complex and may be used even in military applications while AppArmour tends to be simpler. SELinux operates on i-node level (i.e. restrictions are applied in the same way as ACL or UNIX permissions - on the other hand ) while AppArmour apply at path level (i.e. you specify the access based on path so when path changes it may not apply). AppArmour can also protect subproccesses (like mod_php only) but I am somehow skeptical about the real use of it. AppArmour seems to find its way into mainline kernel (it is in -mm IIRC).
I don't know much about SMACK but it looks like simplified SELinux from description. There is also RSBAC if you would like to look at it.
chroot has a limited scope of use and I don't think it would be much of use in a desktop environment (it can be used to separate daemons from access of whole system - like DNS daemon).
For sure, it is worth to apply 'generic' hardening such as PaX, -fstack-protector etc. Chroot you can use when your distro supports so does AppArmour/SELinux. I guess SELinux is better suited for high security areas (it has much better control over system) and AppArmour is better for simple hardening.
In general, I wouldn't bother to harden generic desktop very much, except switching off unused services, update regularly, etc. unless you work in highly-secured area. If you want to secure anyway, I would use what your distro is supporting. Many of them to be effective needs the application support (for e.x. compiling tools to support attributes, written rules) so I would advise to use what your distro is supporting.
Yes you can check /sys/kernel/security
what's available.
See also dmesg or /proc/cmdline
for boot settings.
If your config.gz
available then
zgrep CONFIG_SECURITY /proc/config.gz
else
grep CONFIG_SECURITY /boot/config-`uname -r`
Best Answer
In searching for Linux Security Modules, I came across the wikipedia page, titled: Linux Security Modules.
These are the following LSM's listed there:
Of the modules listed, the first 4, SELinux, AppArmor, Smack, and TOMOYO Linux are the only ones accepted into the official Linux Kernel, since version 2.6.