SELinux seems powerful and is a pretty interesting from the perspective of uniform system-wide sandboxing, but... Every time I try touching it, I see thousands of concepts that probably can be simplified. And lets be honest, you cannot only rely on distribution-provided policies. Sooner of later you will need to write your own or patch distribution-provided ones.

And oh, do not undervalue Unix DAC, especially when extended by POSIX ACL.

· · Web · 0 · 0 · 1
Sign in to participate in the conversation
Puppo Space

A general furry public instance. You don't have to be a furry to join. Any and all topics are fair game provided they do not conflict with the Code of Conduct.