For example, Linux containers with PID and network namespaces are a superior alternative to grsecurity 'anti-chroot-jailbreak' features and simple restriction of netstat to the root user.
Though I agree, the kernel needs one coherent set of hook points that can be used to implement different kinds of security (MAC, RBAC).
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds