On Wed, 27 Apr 2016, Kees Cook wrote:

> Doing "b" means writing a policy engine. I would expect it to look a
> lot like either AppArmor or TOMOYO. TOMOYO has network structure
> processing, so probably it would look more like TOMOYO if you wanted
> more than just file paths. Maybe a seccomp LSM could share logic from
> one of the existing path-based LSMs.

Right, and that LSM should probably be AppArmor, which is actually being used and maintained.

--
James Morris <jmorris@xxxxxxxxx>