On Mon, 21 Aug 2017, Mickaël Salaün wrote: > ## Why a new LSM? Are SELinux, AppArmor, Smack and Tomoyo not good enough? > > The current access control LSMs are fine for their purpose which is to give the > *root* the ability to enforce a security policy for the *system*. What is > missing is a way to enforce a security policy for any application by its > developer and *unprivileged user* as seccomp can do for raw syscall filtering. > You could mention here that the first case is Mandatory Access Control, in general terms. -- James Morris <jmorris@xxxxxxxxx>
