[NTLUG:Discuss] Last meeting, you CAN have hotplugged devices automount without desktop

Ted Gould ted at gould.cx
Mon Jan 28 12:03:31 CST 2008


On Fri, 2008-01-25 at 18:37 -0600, Chris Cox wrote:
> AppArmor is simple... but may die just because.

Perhaps, the reality is that if you have SELinux, AppArmor is really a
subset.

> SELinux... sheesh...
> must die.  

Is unlikely to ever happen as many Gov't contracts require this level of
security.  I actually believe that this level of security will catch on
in corporate culture as soon as "CEO Magazine" publishes an article
something like this:

IT worker finds out about layoff by reading CEO's e-mail.

-- or --

Whistle blower in IT department tells police how truly evil executives
are by reading their e-mail.

They'll want a security policy that allows someone to administer a
machine without being able to read the data on it.

> We'll have to see how PolicyKit comes out.  It may be
> very useful.  Or it could be the UCE of Linux, not enough
> benefit to be useful (especially if painful to configure or if
> it doesn't make sense).

Considering that PolicyKit is mostly targeting desktop policy, I doubt
that most of the configurations will be very complex.  Mostly I see the
PolicyKit settings to be "If local user" and "If an administrator."  The
big gains with PolicyKit become the removal of gtksu and friends as an
easy attack vector.

		--Ted


