On Mon, 2006-04-17 at 18:44 -0700, Gerrit Huizenga wrote:
> On Mon, 17 Apr 2006 23:55:25 BST, Christoph Hellwig wrote:
> > On Mon, Apr 17, 2006 at 03:15:29PM -0700, Gerrit Huizenga wrote:
> > > configure correctly that most of them disable it. In theory, LSM +
> > > something like AppArmour provides a much simpler security model for
> >
> > apparmor falls into the findamentally broken category above, so it's
> > totally uninteresting except as marketing candy for the big red company.
>
> Is there a pointer to why it is fundamentally broken? I haven't seen
> such comments before but it may be that I've been hanging out on the
> wrong lists or spending too much time inhaling air at 30,000 feet.
See the last para of the Useability discussion from the SELinux summit
minutes:
http://www.selinux-symposium.org/2006/summit.php
(re a proposal for pathname-based configuration in SELinux, and why it isn't a good idea)
--
Stephen Smalley
National Security Agency
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]