Linux security non-modules and AppArmor
Posted Jun 28, 2007 14:47 UTC (Thu) by jschrod
In reply to: Linux security non-modules and AppArmor
Parent article: Linux security non-modules and AppArmor
Maybe he doesn't need fire-proof doors all the time, but is also not satisfied with a hole in a wall -- sometimes a door itself would be sufficient.
Coming back from your analogy: Implementing "just a door" in SELinux is horrible work, and many users then take the hole in the wall instead, i.e., they shut it off. I see this daily at my customers' installations.
Decisions about security mechanisms are not black and white, like all other security decisions. They are a compromise between effort, risk, and asset value. Sometimes the big hammer SELinux is the tool to use, but there are other situations, too -- and not all of them demand the big hammer.
to post comments)