On Monday 02 July 2007 22:15, Christoph Hellwig wrote:
> AA on the other hand just fucks up VFS layering [...]
Oh come on, this claim clearly isn't justified. How on earth is passing
vfsmounts down the lsm hooks supposed to break vfs layering? We are not
proposing to pass additional information
--- Christoph Hellwig <[EMAIL PROTECTED]> wrote:
> On Mon, Jul 02, 2007 at 12:31:49PM -0700, Casey Schaufler wrote:
> > It's true that the code review for AppArmor has proven difficult.
> > That's going to be true of any change to the vfs layer, for any
> > reason. Have someone who was there tell
On Mon, Jul 02, 2007 at 12:31:49PM -0700, Casey Schaufler wrote:
> It's true that the code review for AppArmor has proven difficult.
> That's going to be true of any change to the vfs layer, for any
> reason. Have someone who was there tell you about the original XFS
> proposals some time. Again, i
--- "Eric W. Biederman" <[EMAIL PROTECTED]> wrote:
> A couple of random thoughts to mix up this discussion.
>
> From what I have been able to observer the LSM is roughly firewalls
> rules for in box operations. All it can do is increase the chances
> you will get -EPERM.
More likely -EACCES,
Adrian Bunk <[EMAIL PROTECTED]> writes:
> On Tue, Jun 26, 2007 at 07:47:00PM -0700, Andrew Morton wrote:
>> On Tue, 26 Jun 2007 19:24:03 -0700 John Johansen <[EMAIL PROTECTED]> wrote:
>>
>> > >
>> > > so... where do we stand with this? Fundamental, irreconcilable
>> > > differences over the us
> > Anyone can apply the apparmour patch to their tree, they get the
> > choice that way. Nobody is currently prevented from using apparmour
> > if they want to, any such suggestion is pure rubbish.
>
> The exact same argument was made prior to SELinux going upstream.
Its made for every thing be
Any chance you can remove linux-fsdevel from the CC list? I don't think this
has anything to do with filesystems.
Cheers, Andreas
--
Andreas Dilger
Principal Software Engineer
Cluster File Systems, Inc.
-
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a m
From: Casey Schaufler <[EMAIL PROTECTED]>
Date: Wed, 27 Jun 2007 17:27:17 -0700 (PDT)
> --- David Miller <[EMAIL PROTECTED]> wrote:
>
> > Neither of those are reasons why something should go into the tree.
>
> They reflect the corporate reality of the open source community.
> If you're going to
--- David Miller <[EMAIL PROTECTED]> wrote:
> From: Crispin Cowan <[EMAIL PROTECTED]>
> Date: Wed, 27 Jun 2007 15:46:57 -0700
>
> > But we do not want to prevent other people from using SELinux if it
> > suits them. Linux is about choice, and that is especially vital in
> > security. As Linus hi
From: Crispin Cowan <[EMAIL PROTECTED]>
Date: Wed, 27 Jun 2007 15:46:57 -0700
> But we do not want to prevent other people from using SELinux if it
> suits them. Linux is about choice, and that is especially vital in
> security. As Linus himself observed when LSM was started, there are a
> lot of
Sean wrote:
> On Wed, 27 Jun 2007 14:06:04 -0700
> Crispin Cowan <[EMAIL PROTECTED]> wrote:
>
>> I am hoping for a reconciliation where the people who don't like
>> AppArmor live with it by not using it. AppArmor is not intended to
>> replace SELinux, it is intended to address a different set of
On Wed, 27 Jun 2007 14:06:04 -0700
Crispin Cowan <[EMAIL PROTECTED]> wrote:
> I am hoping for a reconciliation where the people who don't like
> AppArmor live with it by not using it. AppArmor is not intended to
> replace SELinux, it is intended to address a different set of goals.
You keep sayin
Adrian Bunk wrote:
> On Tue, Jun 26, 2007 at 07:47:00PM -0700, Andrew Morton wrote:
>
>> Do you agree with the "irreconcilable" part? I think I do.
I am hoping for a reconciliation where the people who don't like
AppArmor live with it by not using it. AppArmor is not intended to
replace SELinu
On Tue, Jun 26, 2007 at 07:47:00PM -0700, Andrew Morton wrote:
> On Tue, 26 Jun 2007 19:24:03 -0700 John Johansen <[EMAIL PROTECTED]> wrote:
>
> > >
> > > so... where do we stand with this? Fundamental, irreconcilable
> > > differences over the use of pathname-based security?
> > >
> > There c
On Wednesday 27 June 2007 12:58, Kyle Moffett wrote:
> I seem to recall you could actually end up racing and building a path
> to the file in those directories as "a/d/0/3" or some other path at
> which it never even remotely existed. I'd love to be wrong,
Cheer up, you recall wrong.
> but I can'
On Jun 26, 2007, at 22:24:03, John Johansen wrote:
other issues that have been raised are:
- the use of d_path to generate the pathname used for mediation when a
file is opened.
- Generating the pathname using a reverse walk is considered ugly
A little more than "ugly". In this basic concu
On Tue, Jun 26, 2007 at 07:47:00PM -0700, Andrew Morton wrote:
> On Tue, 26 Jun 2007 19:24:03 -0700 John Johansen <[EMAIL PROTECTED]> wrote:
>
> > >
> > > so... where do we stand with this? Fundamental, irreconcilable
> > > differences over the use of pathname-based security?
> > >
> > There c
On Tue, 26 Jun 2007 19:24:03 -0700 John Johansen <[EMAIL PROTECTED]> wrote:
> >
> > so... where do we stand with this? Fundamental, irreconcilable
> > differences over the use of pathname-based security?
> >
> There certainly seems to be some differences of opinion over the use
> of pathname-b
On Tue, Jun 26, 2007 at 04:52:02PM -0700, Andrew Morton wrote:
> On Tue, 26 Jun 2007 16:07:56 -0700
> [EMAIL PROTECTED] wrote:
>
> > This post contains patches to include the AppArmor application security
> > framework, with request for inclusion into -mm for wider testing.
>
> Patches 24 and 31
On Tue, 26 Jun 2007 16:07:56 -0700
[EMAIL PROTECTED] wrote:
> This post contains patches to include the AppArmor application security
> framework, with request for inclusion into -mm for wider testing.
Patches 24 and 31 didn't come through.
Rolled-up diffstat (excluding 24&31):
fs/attr.c
This post contains patches to include the AppArmor application security
framework, with request for inclusion into -mm for wider testing.
These patches are currently against lkml but we will gladly rebase them
against -mm so that they will apply cleanly.
Any comments and feedback to improve imple
21 matches
Mail list logo