Is virtualisation a viable alternative to MAC ?
Is virtualisation a viable alternative to MAC ?
Posted Aug 1, 2010 13:45 UTC (Sun) by robert_s (subscriber, #42402)In reply to: Is virtualisation a viable alternative to MAC ? by copsewood
Parent article: AppArmor set to be merged for 2.6.36
"Why not give each user that needs protecting from other local users a virtual machine instead?"
Because it's a massive waste of memory, can cause a lot of IO performance problems, and doesn't really solve the problem, just gives up on OS security and pushes the problem one step up the stack.