On 2017-11-28.19:54, Christoph Hellwig wrote: > It's just a bad idea of a security model that implements ad-hoc > and mostly path based restrictions instead of an actually verified > security model. Using that by default makes it much harder to actually > use a real MAC based security model, which not only is required for > various security sensitive deployments but also a good idea in general. I am not an expert, but I thought that AppArmor was also considered a MAC implementation. Can you provide more information on the verification of SELinux? -- Regards, Scott.
Attachment:
signature.asc
Description: PGP signature