Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 28 Aug 2017 13:38:26 +1000 (AEST)
From: James Morris <>
To: Mickaël Salaün <>
cc:, Alexei Starovoitov <>,
        Andy Lutomirski <>,
        Arnaldo Carvalho de Melo <>,
        Casey Schaufler <>,
        Daniel Borkmann <>,
        David Drysdale <>,
        "David S . Miller" <>,
        "Eric W . Biederman" <>,
        James Morris <>, Jann Horn <>,
        Jonathan Corbet <>,
        Matthew Garrett <>,
        Michael Kerrisk <>,
        Kees Cook <>, Paul Moore <>,
        Sargun Dhillon <>,
        "Serge E . Hallyn" <>, Shuah Khan <>,
        Tejun Heo <>, Thomas Graf <>,
        Will Drewry <>,,,,
Subject: Re: [PATCH net-next v7 00/10] Landlock LSM: Toward
 unprivileged sandboxing

On Mon, 21 Aug 2017, Mickaël Salaün wrote:

> ## Why a new LSM? Are SELinux, AppArmor, Smack and Tomoyo not good enough?
> The current access control LSMs are fine for their purpose which is to give the
> *root* the ability to enforce a security policy for the *system*. What is
> missing is a way to enforce a security policy for any application by its
> developer and *unprivileged user* as seccomp can do for raw syscall filtering.

You could mention here that the first case is Mandatory Access Control, 
in general terms.

James Morris

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.