User: Password:
Subscribe / Log in / New account

Snet and the LSM API

Snet and the LSM API

Posted Jan 29, 2009 4:18 UTC (Thu) by pragmatine (guest, #39557)
In reply to: Snet and the LSM API by pragmatine
Parent article: Snet and the LSM API

One more comment about PULSE - the thing I want to emphasise is this is a general framework for allowing normal users to exercise mandatory access controls over their own processes, and so it is much more flexible than all the existing frameworks (SELinux, AppArmor, SMACK etc) which only allow the system administrator to define access controls for ALL users. PULSE allows different users to give their applications different permissions, since it is user-specific, and user-centric. It is also highly dynamic (allowing decisions to be made on the fly and also revoked on the fly), compared to SELinux etc which are based upon static security policies - hence it is much more oriented to desktop usage compared to SELinux etc which are more suited to servers which perform well-defined, static operations.

(Log in to post comments)

Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds