Posted Jul 22, 2004 2:44 UTC (Thu) by AnswerGuy
Parent article: Kernel Summit: Security
SELinux is impossible for mortals to administer!
I would vastly prefer to see the systrace patches applied and defer
most of that complexity to a user space reference monitor.
Of course systrace and SELinux are not mutually exclusive so the small,
relatively simple, systrace patch could be applied and offered as an
option in the mainstream along with SELinux.
As for the auditing patch --- how many of the hooks for auditing can
also be used for dprobes? One would think that many of them would
coincide or overlap.
to post comments)