On Wed, 23 May 2007, Andreas Gruenbacher wrote: > This is backwards from what AppArmor does. The policy defines which paths may > be accessed; all paths not explicitly listed are denied. If files are mounted > at multiple locations, then the policy may allow access to some locations but > not to others. That's not a hole.
I don't know what else you'd call it. Would you mind providing some concrete examples of how such a model would be useful? - James -- James Morris <[EMAIL PROTECTED]> - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/