Thread (34 messages) 34 messages, 5 authors, 2017-09-02

Re: [PATCH net-next v7 00/10] Landlock LSM: Toward unprivileged sandboxing

From: James Morris <jmorris@namei.org>
Date: 2017-08-28 03:39:42
Also in: linux-security-module, lkml, netdev

On Mon, 21 Aug 2017, Mickaël Salaün wrote:
## Why a new LSM? Are SELinux, AppArmor, Smack and Tomoyo not good enough?

The current access control LSMs are fine for their purpose which is to give the
*root* the ability to enforce a security policy for the *system*. What is
missing is a way to enforce a security policy for any application by its
developer and *unprivileged user* as seccomp can do for raw syscall filtering.
You could mention here that the first case is Mandatory Access Control, 
in general terms.



-- 
James Morris
[off-list ref]
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help