Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)

[Lars Marowsky-Bree]

On 2006-04-23T05:45:34, Valdis.Kletnieks@xxxxxx wrote:

> > AppArmor are not likely to put careful thought into the policies that
> > they use?
> They're not likely to put careful thought into it, *AND* that saying things
> like "AppArmor is so *simple* to configure" only makes things worse - this
> encourages unqualified people to create broken policy configurations.

That is about the dumbest argument I've heard so far, sorry. With the
same argument, these people shouldn't be allowed to admin any computer
system and be given a broom to wipe the floor, and let the experts take
care of the world for them.

Now that's a perfectly reasonable line of thought, and I've most
certainly had it when it comes to HA and clusters myself, but in no
means is it a good reasoning against the _technology_. If it is simpler
to use, it will be simpler to use even for smart people, who can then
put more care into their security profiles instead of worrying about the
complexity.



-- 
High Availability & Clustering
SUSE Labs, Research and Development
SUSE LINUX Products GmbH - A Novell Business	 -- Charles Darwin
"Ignorance more frequently begets confidence than does knowledge"

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/