Ghosts of Unix past, part 3: Unfixable designs
Posted Nov 25, 2010 20:18 UTC (Thu) by slashdot (guest, #22014)
In reply to: Ghosts of Unix past, part 3: Unfixable designs by skissane
Parent article: Ghosts of Unix past, part 3: Unfixable designs
Linux does this, although security is handled by kernel modules ("LSM"s) instead of daemons.
AppArmor has separately-stored policy, while SELinux has separately-stored policy which is, however, automatically baked into the filesystem.
The real problem Linux has is that nobody seems to have the interest, authority and/or ability to figure out the optimal security model to use, so there are several in wide use, but none is actually polished and widespread.
Also, security UI and user-friendliness work seems quite lacking, with the result that advanced security often just gets turned off and, even if enabled, only distribution-provided policies tend to be used.