One factor might be that the argument assumes you're actually using/thinking about kernel security features, like SELinux.
That is, if not many people love SELinux and friends (https://utcc.utoronto.ca/~cks/space/blog/linux/SELinuxUsability), then popular pressure to fix the kernel bypasses would naturally be low.
It seems to me containers have so much potential, and are so affected by weak kernels, that they could become a major motivation for change. (Technically they may use SELinux, but most of the time we think of them in terms of namespaces).
Power management, mobile and firmware developer on Linux. Security developer at Aurora. Ex-biologist. mjg59 on Twitter. Content here should not be interpreted as the opinion of my employer. Also on Mastodon.
![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
Because not enough people care about the kernel security features?
Date: 2015-11-06 12:35 pm (UTC)That is, if not many people love SELinux and friends (https://utcc.utoronto.ca/~cks/space/blog/linux/SELinuxUsability), then popular pressure to fix the kernel bypasses would naturally be low.
It seems to me containers have so much potential, and are so affected by weak kernels, that they could become a major motivation for change. (Technically they may use SELinux, but most of the time we think of them in terms of namespaces).
-- Alan Jenkins