Web lists-archives.com

Re: recommends for apparmor in newest linux-image-4.13

On Nov 28, Christoph Hellwig <hch@xxxxxx> wrote:

> It's just a bad idea of a security model that implements ad-hoc
> and mostly path based restrictions instead of an actually verified
> security model.  Using that by default makes it much harder to actually
> use a real MAC based security model, which not only is required for
> various security sensitive deployments but also a good idea in general.
This may be true, but OTOH nobody cared enough about SELinux to actually 
make it work out of the box in Debian.
So, for the time being I would gladly accept an inferior solution.


Attachment: signature.asc
Description: PGP signature