User: Password:
Subscribe / Log in / New account

LSM stacking (again)

LSM stacking (again)

Posted Jun 24, 2010 8:04 UTC (Thu) by michaeljt (subscriber, #39183)
In reply to: LSM stacking (again) by raven667
Parent article: LSM stacking (again)

My personal problem with SELinux is that it tries to solve all problems with one solution (which seems to rather run against what many would call the "*NIX tradition"). I think that having individual components attacking individual issues that SELinux addresses (off the top of my head, sandboxing and controlled privilege escallation, but I'm definitely no security expert) might have the potential to be a lot simpler.

On the other hand, SELinux is there now, and has the advantage that it is reasonably transparent to the developer, so they don't really need to understand much about how SELinux policy works when they write their application. At the worst, if it is a third-party product, some poor person working on the installer has to worry about that.

(Log in to post comments)

Copyright © 2018, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds