Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://grapheneos.social/users/GrapheneOS/statuses/113943985076136386">GrapheneOS (grapheneos@grapheneos.social)'s status on Tuesday, 04-Feb-2025 15:25:38 JST</a><a href="https://grapheneos.social/@GrapheneOS" title="grapheneos@grapheneos.social"><img src="https://gnusocial.jp/avatar/99224-48-20240219114657.webp" width="48" height="48" alt="GrapheneOS" style="position: absolute; left: 0; top: 0;">GrapheneOS</a><div><a href="https://grapheneos.social/@GrapheneOS/113943974954938954" rel="in-reply-to">in reply to</a><ul><li></ul></div></section><article><p><a href="https://hachyderm.io/@dalias">@dalias</a> Linux kernel maintainers have both accepted and rejected dozens of little access control features for providing inflexible versions of what can be done through writing declarative SELinux policies.</p><p>Access control is a very small part of defending the kernel itself against attacks. The main issue with the kernel is that it's a massive monolith with no sandboxing for drivers, filesystems, etc. and increasingly immense complexity for core kernel components for max scalability, etc.</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/4504772#notice-8820971">In conversation</a><time datetime="2025-02-04T15:25:38+09:00" title="Tuesday, 04-Feb-2025 15:25:38 JST">about 18 days ago</time> <span>from <span><a href="https://grapheneos.social/@GrapheneOS/113943985076136386" rel="external" title="Sent from grapheneos.social via ActivityPub">grapheneos.social</a></span></span><a href="https://grapheneos.social/@GrapheneOS/113943985076136386">permalink</a></footer></blockquote>

Corresponding Notice

Embed this notice
GrapheneOS (grapheneos@grapheneos.social)'s status on Tuesday, 04-Feb-2025 15:25:38 JSTGrapheneOS
in reply to
- Rich Felker
@dalias Linux kernel maintainers have both accepted and rejected dozens of little access control features for providing inflexible versions of what can be done through writing declarative SELinux policies.
Access control is a very small part of defending the kernel itself against attacks. The main issue with the kernel is that it's a massive monolith with no sandboxing for drivers, filesystems, etc. and increasingly immense complexity for core kernel components for max scalability, etc.
In conversationabout 18 days ago from grapheneos.socialpermalink

Public

Embed Notice

HTML Code

Corresponding Notice