[kernel-hardening] [PATCH net-next v7 00/10] Landlock LSM: Toward unprivileged sandboxing
James Morris
jmorris at namei.org
Mon Aug 28 03:38:26 UTC 2017
On Mon, 21 Aug 2017, Mickaël Salaün wrote:
> ## Why a new LSM? Are SELinux, AppArmor, Smack and Tomoyo not good enough?
>
> The current access control LSMs are fine for their purpose which is to give the
> *root* the ability to enforce a security policy for the *system*. What is
> missing is a way to enforce a security policy for any application by its
> developer and *unprivileged user* as seccomp can do for raw syscall filtering.
>
You could mention here that the first case is Mandatory Access Control,
in general terms.
--
James Morris
<jmorris at namei.org>
More information about the Linux-security-module-archive
mailing list