On Sunday, November 13, 2016 at 7:51:09 PM UTC-8, Manuel Amador (Rudd-O) wrote: > On 11/12/2016 03:21 AM, Sec Tester wrote: > > SELinux or AppArmor. > > SELinux would be absofuckinglutely great. Confined apps like Firefox > would run much more securely. > > I got one DispVM owned by an attacker at Defcon in 2014. Isolation was > nice to have because the machine didn't get owned, but the VM would have > never been owned if SELinux had been active. > > -- > Rudd-O > http://rudd-o.com/
Why not grsecurity/PaX? especially with Qubes 4 switching to HVM (or PVHv2 or whatever it's called now), it will apparently work fine. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to email@example.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/afccb992-80b0-4e7c-8f20-bc9d1b3d8c6e%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.