AppArmor and SELinux address this problem. But -- speaking from experience -- th... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		paulddraper on Feb 2, 2019 \| parent \| context \| favorite \| on: Dotfile madness AppArmor and SELinux address this problem. But -- speaking from experience -- they are painful to use; most users prefer convenience over heightened security.

Spivak on Feb 3, 2019 [–]

They're painful to set up yourself, but that's pretty much true of all current sandboxing approaches. If you just let your distro do it and follow their conventions it you barely notice.

paulddraper on Feb 4, 2019 | [–]

> that's pretty much true of all current sandboxing approaches

Agreed.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact