by fleventynine
649 days ago
With the sheer volume of local exploits found in the Linux kernel, I don't really consider these SELinux/AppArmor mitigations to be that useful. Sure, they reduce the attack surface a bit, but if I actually need isolation between workloads, it's best to do it below the kernel (with a VM). If an attacker gets execution in userspace, it's best to assume they can also get into the kernel via some 0-day local privilege escalation...