Re: [PATCH] x86: Lock down MSR writing in secure boot
From: Matthew Garrett
Date: Wed Feb 13 2013 - 20:04:56 EST
On Wed, 2013-02-13 at 16:44 -0800, Casey Schaufler wrote:
> If you want that sort of granularity throw yourself on the SELinux
> bandwagon. Fine grained capabilities are insane and unmanageable
> and will only lead to tears. Security is despised because of the
> notion that making systems impossible to use is a good thing.
SELinux is completely unusable for this specific case.
Matthew Garrett | mjg59@xxxxxxxxxxxxx