|
|
|
|
|
|
by mrweasel
657 days ago
|
|
|
Pledge and Unveil makes a ton of sense, because it moves the responsibility to the developer who should know the application better than the systems administrator. Sometimes, when the developers make a mistake, which is unavoidable in a large project, it is nice to be able lock down applications as the administrator.I just don't think SELinux is the right tool, because the chance of you making a mistake in the configuration is pretty high. The functionality is there, but it needs to be easier to write policies and maybe that comes at the cost of some flexibility. |
|
|
On the other hand, the administrator knows their system better than the developer. There could be certain network connections or file paths that you want to block on one system but not on another.