From the article, it seems LSM is seen as a way to restrict a user's rights from an original set, where I think it should be a way to say who can do what. Each user could then have a tick-box kind of configuration, which is in fact similar to making a user part of a group to give them access to a category of devices. But I suppose the whole idea now would be to say like: user A cannot access /dev/sda* (the hard disk), but can access /dev/sdb* (a USB key that is known to belong to them). Correct?
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds