| |||||||||||||
Linux security non-modules and AppArmorLinux security non-modules and AppArmorPosted Jun 28, 2007 14:47 UTC (Thu) by jschrod (subscriber, #1646)In reply to: Linux security non-modules and AppArmor by mingo Parent article: Linux security non-modules and AppArmor
Maybe he doesn't need fire-proof doors all the time, but is also not satisfied with a hole in a wall -- sometimes a door itself would be sufficient.
Coming back from your analogy: Implementing "just a door" in SELinux is horrible work, and many users then take the hole in the wall instead, i.e., they shut it off. I see this daily at my customers' installations.
Decisions about security mechanisms are not black and white, like all other security decisions. They are a compromise between effort, risk, and asset value. Sometimes the big hammer SELinux is the tool to use, but there are other situations, too -- and not all of them demand the big hammer.
(Log in to post comments)
|
|||||||||||||