|
|
|
|
|
|
by aomix
3482 days ago
|
|
|
I do like it when security polices are compiled into the program and like it even better when they are impossible to disable. That way programs avoid getting out of sync with best security practices since they will start crashing for all users/developers. Not just users of X but not Y. However programs that try to work with pledge/capsicum/seccomp/others are great but always going to be in a very small minority. So something like SELinux and Apparmor being able to enforce policies on arbitrary software seems like a necessary seatbelt. |
|
|