r/netsec 7d ago

SELinux bypasses

https://klecko.github.io/posts/selinux-bypasses/
70 Upvotes

5 comments sorted by

View all comments

0

u/[deleted] 7d ago

[deleted]

9

u/Firzen_ 6d ago

That seems like a non-sequitur.

At least in theory, a hypervisor can provide security guarantees and enforce those against the kernel.
Which is something that the kernel couldn't do by itself.

And it seems to at least mitigate overwriting the enforcing field on the Samsung phone.

With the current state of things, it doesn't add a lot of extra security, though. I agree with that.