[Info-vax] VMS Privileges Versus Linux Capabilities
lawrencedo99 at gmail.com
lawrencedo99 at gmail.com
Wed Jun 22 01:57:24 EDT 2016
On Wednesday, June 22, 2016 at 3:20:09 AM UTC+12, Stephen Hoffman wrote:
> As implemented, nobody in their right mind would want to use SEVMS, or
> any other traditional mandatory access control system for that matter.
> Some folks — certainly of their right mind — do have to use mandatory
> access controls, because of their environment and the sorts of data
> they have stored on their servers. Mandatory access control security
> is not easy to manage, nor to use.
The Linux ones have a logging mode, I understand, where they just generate reports about what would have been blocked, instead of actually blocking it. That may be of some help in figuring it out.
There can be some snobbery involved, as well. For example, SELinux is the meanest and strictest (and most complex) of them all, so naturally those who (claim to) have mastered that look down on the ones who prefer the simpler AppArmor, that kind of thing.
More information about the Info-vax
mailing list