The applications where security is far more important than performance are no less real because other things exist. Consider the firewalls and jump-hosts that mediate administrative access to those 100,000 machines.
General purpose software doesn't mean "ignores requirements that are less important to me, but more important to others". I'd say that something general purpose software seeks to find a blended solution that works acceptably for all cases, and offers options where the needs differ.
There is obviously a maintainability concern with options, but copy from/to checks can be made fairly self-contained, far more so than, e.g., the peppering of the codebase that SELinux requires. I'd think that this kind of generic boundary hardening is exactly the kind of optional feature a general purpose system should have.
Copyright © 2017, Eklektix, Inc.