Walsh: Introducing the SELinux Sandbox

Posted May 27, 2009 23:26 UTC (Wed) by jamesmrh (guest, #31622)
In reply to: Walsh: Introducing the SELinux Sandbox by PaXTeam
Parent article: Walsh: Introducing the SELinux Sandbox

Ok, perhaps I should clarify and always include the caveat that SELinux cannot be expected to protect against kernel vulnerabilities, because it is part of the kernel.

There will always be the possibility of kernel security holes, because:

- all software has bugs
- the kernel is software
- some bugs are security holes

this will *never* not be the case.