I see that we can broadly divide LSM hooks into: filesystem, network, CPU resources, misc.
So we can specify: "First use AppArmor to check filesystem access, but use SeLinux to check security labels on network packets".
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds