On Sat, 2003-11-29 at 04:05, Martin Pitt wrote: > SELinux only uses LSM which makes it easy to port, but seems > impractical and even dangerous for real-world use [1][2]. The main complaint on those pages seems to be that LSM is only focused on access control. You may or may not regard that as a flaw, but you can get an enormous amount of security (as SELinux has demonstrated) with pure access control. SELinux is quite practical, as the number of people using it demonstrates. As for "dangerous" - that's just total crap. If someone has the capability to install a rootkit at all, your system is totally lost.
Attachment:
signature.asc
Description: This is a digitally signed message part