• 1

contrary intention

(Anonymous)
From my opinion, everytime we need "alternative".
For example, even if in mail server, there are many servers
like sendmail, postfix, qmail, etc. And many of users are
choosing whichever they want.

Re: contrary intention

(Anonymous)
That's fine for an application like a mail server. It doesn't work so well for the underlying kernel security model, which needs to be consistent in order to people to sanely develop applications and administer systems. With an arbitrary set of potential kernel security models possible on any given platform, application developers will just ignore everything but the lowest common denominator (i.e. the existing Linux DAC mechanism).

Re: contrary intention

(Anonymous)
I use Grsecurity (more comparable to AppArmor, I suspect) to restrict the operations a process _may_ do, and what other users/processes may do to it. I don't expect it to know or care that Grsecurity is implementing a more restrictive model than DAC.

  • 1
?

Log in