LinuxCon: Secure virtualization with sVirt

Posted Oct 12, 2009 2:04 UTC (Mon) by vonbrand (subscriber, #4458)
In reply to: LinuxCon: Secure virtualization with sVirt by Cyberax
Parent article: LinuxCon: Secure virtualization with sVirt

On the other hand, path-based approaches like AppArmor are very easy to use. But they had not gained any traction within the security community. Probably, because it's too easy to use.

In Unix, the same object can be accessed by wildly different paths (think links) or can move around, so this won't give much security. That it is easy to use makes no difference if it is easy to bypass.

You also misrepresent the security community: A mechanism that is hard to understand and use won't be secure in practice, and they do know that very well; so they are looking for simple to use mechanisms.