Hacker News new | comments | show | ask | jobs | submit login

Why was this only tested against grsec but not SELinux? Is there some reason that it's not interesting to test SELinux against this exploit??



SELinux does not aim to protect or harden the kernel. SELinux aims to enforce a more complicated(maybe expressive), MAC policy on the filesystem and a few related objects. The SELinux threat model is helpless against a kernel vulnerability because it does not address application security.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact

Search: