> > Crispin at least is providing genuine discussion points. Sarbox has
The moment they load a module from a third party they usually hit support
issues, unless there is some kind of arrangement between the parties.
Frankly I don't care about apparmor, I don't see it as a serious project.
Smack is kind of neat but looks like a nicer way to specify selinux rules.
What I do care about is that at some point something is going to appear
which is based on all the same good practice and experience and forty
years of research that leads towards SELinux, and which is much better. At
that point there will be a changeover phase and the LSM is exactly what
is needed for this.
The fact it allows people to play with toy security systems, propose new
ones like SMACK, and do research and PhD work on Linux into security is a
convenient and very good side effect.
For that reason I think keeping LSM is the right thing to do.
Alan
-