Seems good for the cloud, where a lot of people share the same machine.
Announcement
Collapse
No announcement yet.
Kernel Lockdown: Tightening Up Linux Kernel Access From User-Space
Collapse
X
-
Originally posted by ldo17 View PostNo it isn’t. Better for what? Security is a means to an end, not an end in itself.
Which end? Is this only something for servers? Is it relevant for non-UEFI SecureBoot systems?
Originally posted by ldo17 View PostHas your “experience” been impacted much by the coming of SELinux or AppArmor?
But the key question is: Is this patchset intended for desktop systems? Please share your knowledge, there are other users with the same questions:
Originally posted by andrei_me View PostWhat is the use-case for this? What problem this is trying to solve? Who will benefit from this?
Comment
-
Originally posted by andrei_me View PostWhat is the use-case for this? What problem this is trying to solve? Who will benefit from this?
- Likes 1
Comment
-
Originally posted by lowflyer View PostWhich end? Is this only something for servers?
Is it relevant for non-UEFI SecureBoot systems?
Of course it's not that hard to twart that (like by keeping the /boot with kernel and all on a read-only media (I mean hardware read-only, with a flip switch or something, there are some USB keys that offer that hardware switch).
I vividly remember not being able to configure email clients after SELinux. AppArmor was such a "smooth" user experience that I wonder whether it actually does something.
AFAIK AppArmor gets more love from distro mantainers in Debian/Ubuntu, OpenSUSE, while SELinux is favoured by the other camp (RHEL and derivatives).
Comment
Comment