> > the 'hard shell, soft center' approach isn't as secure as 'full > hardening' (assuming that both are properly implemented), but the fact > that it's far easier to understand and configure the hard shell means that > it's also far more likly to be implemented properly. I can certainly see value in a "take away degrees of freedom" approach. In fact many security approaches are just that, and that's just fine with me, and clearly of value. There is a distinction between really taking away a degree of freedom and just appearing to do so + easy workaround. Which is why we're having this discussion, to make sure AppArmor is of the former type ;) - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
- References:
- Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)
- From: Crispin Cowan <[email protected]>
- Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)
- From: [email protected]
- Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)
- From: "Ken Brush" <[email protected]>
- Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)
- From: [email protected]
- Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)
- From: "Ken Brush" <[email protected]>
- Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)
- From: [email protected]
- Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)
- From: Lars Marowsky-Bree <[email protected]>
- Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)
- From: Alan Cox <[email protected]>
- Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)
- From: "Serge E. Hallyn" <[email protected]>
- Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)
- From: Alan Cox <[email protected]>
- Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)
- From: "Serge E. Hallyn" <[email protected]>
- Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)
- From: David Lang <[email protected]>
- Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)
- Prev by Date: RE: [ANNOUNCE] Release Digsig 1.5: kernel module for run-timeauthentication of binaries
- Next by Date: Re: Van Jacobson's net channels and real-time
- Previous by thread: Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)
- Next by thread: Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)
- Index(es):
 |