|
|
|
|
|
|
by falcolas
4172 days ago
|
|
|
Like AppArmor, or SELinux, or any of the other applications which have their hooks in the LSM? They do a fantastic job of this, if you can figure out how to use them. The truth is that they are too hard for even your average Sysadmin to configure & manage, let alone your average desktop user. setenforce=1 (yeah, right). |
|
|
I’d like to see the industry moving in that general direction, though. Even a much simpler model could bring real benefits relative to the status quo, where in application terms our current security model is analogous to everything being root.