Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20170603162231.GA20590@openwall.com>
Date: Sat, 3 Jun 2017 18:22:31 +0200
From: Solar Designer <solar@...nwall.com>
To: Greg KH <greg@...ah.com>
Cc: Matt Brown <matt@...tt.com>, kernel-hardening@...ts.openwall.com
Subject: Re: [PATCH v1 1/1] Add Trusted Path Execution as a stackable LSM

On Sat, Jun 03, 2017 at 05:59:20PM +0200, Greg KH wrote:
> But for those systems, and this feature as well, can't a "simple"
> apparmor policy do the exact same thing?  Also, I'm sure the SELinux can
> do this as well, but I don't know the config language there as well.
> 
> So I think this is already a feature that is supported, it just takes a
> bit more configuration work on the admin.

Yes, that's "a bit" more effort up to the point where almost(?) no one
would bother.  Sometimes simple features can reasonably co-exist with
more general frameworks that could also be used to achieve the effect.
So I don't view this as a sufficiently good argument against TPE as a
feature on its own.

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.