SE-Linux is the worst possible way to secure a linux system, its like when Micro... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

mikewarot on Jan 28, 2021 | parent | context | favorite | on: Let's Not Dumb Down the History of Computer Scienc...

SE-Linux is the worst possible way to secure a linux system, its like when Microsoft went overboard on warnings, instead of actually trying to solve the problem.

The main implementation difference in a capability based system is using a PowerBox to select files to give to a process, instead of letting the process access everything the user has rights to.

pjmlp on Jan 28, 2021 [–]

On Android you get no option, SE-Linux and seccomp are enabled by default and there are other measures in place that top any other Linux based OS.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact