Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 2006-04-23T05:45:34, [email protected] wrote:

> > AppArmor are not likely to put careful thought into the policies that
> > they use?
> They're not likely to put careful thought into it, *AND* that saying things
> like "AppArmor is so *simple* to configure" only makes things worse - this
> encourages unqualified people to create broken policy configurations.

That is about the dumbest argument I've heard so far, sorry. With the
same argument, these people shouldn't be allowed to admin any computer
system and be given a broom to wipe the floor, and let the experts take
care of the world for them.

Now that's a perfectly reasonable line of thought, and I've most
certainly had it when it comes to HA and clusters myself, but in no
means is it a good reasoning against the _technology_. If it is simpler
to use, it will be simpler to use even for smart people, who can then
put more care into their security profiles instead of worrying about the
complexity.



-- 
High Availability & Clustering
SUSE Labs, Research and Development
SUSE LINUX Products GmbH - A Novell Business	 -- Charles Darwin
"Ignorance more frequently begets confidence than does knowledge"

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]
  Powered by Linux