Not logged in
Log in now
Create an account
Subscribe to LWN
Pencil, Pencil, and Pencil
Dividing the Linux desktop
LWN.net Weekly Edition for June 13, 2013
A report from pgCon 2013
Little things that matter in language design
Yeah, have they _seen_ the complexity of SELinux policies? It's no wonder that most administrators dare not touch SELinux. Personally, I usually just pray that it works.
On the other hand, path-based approaches like AppArmor are very easy to use. But they had not gained any traction within the security community. Probably, because it's too easy to use.
LinuxCon: Secure virtualization with sVirt
Posted Oct 12, 2009 2:04 UTC (Mon) by vonbrand (subscriber, #4458)
In Unix, the same object can be accessed by wildly different paths (think links) or can move around, so this won't give much security. That it is easy to use makes no difference if it is easy to bypass.
You also misrepresent the security community: A mechanism that is hard to understand and use won't be secure in practice, and they do know that very well; so they are looking for simple to use mechanisms.
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds