On 11/29/21 17:19, Nicholas Geovanis wrote:
> On Mon, Nov 29, 2021, 5:14 PM James H. H. Lampert <jam...@touchtonecorp.com
> <mailto:jam...@touchtonecorp.com>> wrote:
>
> .... And the only
> reason ROOT access is more dangerous than, say, QSECOFR access on OS/400
> (or whatever IBM is calling it this week) is because there's nothing
> stopping a Linux ROOT from doing things *nobody* should be allowed to do
> without putting the system into some kind of maintenance mode.
>
>
> Well selinux stops root from doing those things. But im the only known human
> who doesn't dislike selinux. And other problems I have....
> :-D
You are not the only one who doesn't dislike or maybe even likes selinux. I
consider it technically superior to apparmor as a mandatory access control
system, and maybe both more flexible and user-friendlier as well. I found it
generally fairly easy to find good documentation (e. g., Red Hat).
And I expect those who originated it, some still employed at USNSA, also think
well of it, along with the current maintainers and likely enough quite a few
other users.
Regards,
Tom Dial
>
>
> .......
> --
> JHHL
>
