| If you call secure an OS which can crash process without giving meaningful errors. I have lost hours debugging mysterious crashes because of SELinux, and it is really not safe to have components unexpectedly crashing when they are part of your core infra. Plus I guess that like every security frameworks it runs with priviledge, it has a lot of lines of code, is hard to audit, and thus highers the surface of vulnerability. Hint: they use for instance strcmp a lot http://stackoverflow.com/questions/24353504/whats-wrong-with... Their code mixes if(){} with the if() else (without braces) They are sometimes using enums, sometimes #define sometimes magic values to refer to constant values. You should really read the source code. Definitively above the average of C code in the wild, still having well known code smell. I would like to see if PVS studio could confirm my intuition. https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.... |