Re: [PATCH] x86: Lock down MSR writing in secure boot
From: Matthew Garrett
Date: Wed Feb 13 2013 - 20:04:56 EST
On Wed, 2013-02-13 at 16:44 -0800, Casey Schaufler wrote:
> If you want that sort of granularity throw yourself on the SELinux
> bandwagon. Fine grained capabilities are insane and unmanageable
> and will only lead to tears. Security is despised because of the
> notion that making systems impossible to use is a good thing.
SELinux is completely unusable for this specific case.
--
Matthew Garrett | mjg59@xxxxxxxxxxxxx
èº{.nÇ+·®+%Ëlzwm
ébëæìr¸zX§»®w¥{ayºÊÚë,j¢f£¢·hàz¹®w¥¢¸¢·¦j:+v¨wèjØm¶ÿ¾«êçzZ+ùÝj"ú!¶iOæ¬z·vØ^¶m§ÿðÃnÆàþY&