You are right, Flask has successfully implemented the security models that have been around for decades and are tried and true.
Arbitrary security policies are just that. Consider the LSM implementation of securelevels that ended up being more insecure than not having it. Then consider the limitations and bypassability of Apparmor as I explained at http://securityblog.org/brindle/2006/04/19/security-anti-....
If its a choice between reasonable (and working) security models and arbitrary ones that have severe security issues and limitations I'll take Flask.
There might not be a One True Security Model in the security community but quote honestly apparmor isn't even a contestant.
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds