Re: The price of SELinux (CPU)

From: Valdis . Kletnieks
Date: Tue Oct 04 2005 - 17:32:51 EST


On Tue, 04 Oct 2005 16:10:10 EDT, John Richard Moser said:

> > And the other users are users as well - what if the other user's "idiotic
> > action" is to nuke your 500Mbyte archive of alt.binaries.pictures.llama.sex
> > that's taking up the disk space that is keeping him from running the payroll
> > software? In your world, rather than him being able to fix the problem, he has
> > to go find a sysadmin with the root password to fix it, causing delays and
> > being less friendly....

> Oh sure, except that. . .
>
> 1) You shouldn't be screwing with the payroll system
> 2) You're quota'd on any good setup

Ahem. You're adding in more "user unfriendly" constraints again. :)

> In the end, massive, intrusive security is not exactly the best thing
> for security's sake; but anything you can get away with significantly
> cleanly (i.e. you don't break 99% of the applications on 99% of home
> users' desktops) is worth immediate focus for those who are so inclined.

Good. Now hand me that crystal ball that lets us know for sure which of
those two categories any given security measure falls into. How often do
we see "this shouldn't break anything" patches on this list that do, in fact,
manage to break something anyhow?
