Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Quoting Stephen Smalley ([email protected]):
> On Tue, 2006-04-18 at 14:59 -0500, Serge E. Hallyn wrote:
> > Quoting Alan Cox ([email protected]):
> > > On Maw, 2006-04-18 at 09:50 -0700, Gerrit Huizenga wrote:
> > > > or are there places where a "less than perfect, easy to use, good enough"
> > > > security policy?  I believe there is room for both based on the end
> > > > users' needs and desires.  But that is just my opinion.
> > > 
> > > Poor security systems lead to less security than no security because it
> > > lulls people into a false sense of security. Someone who knows their
> > 
> > Not wanting to make any digs one way or another, but because the culture
> > right now refuses to admit it I must point out:
> > 
> > So does "security" which is too complicated and therefore ends up
> > misconfigured (or disabled).
> 
> Not sure who refuses to admit it, but there is plenty of work in
> progress to improve SELinux useability.  But that doesn't require

Yes, absolutely, some very good work.

I used to think I'd want selinux protecting the TCB, but worried about
user customizations threatening the integrity of the TCB policy.  But
the namespace extension (.) may even allay that fear.

-serge
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]
  Powered by Linux