On 07/10/2013 11:00 AM, Seth Arnold wrote:
> On Wed, Jul 10, 2013 at 01:35:35PM +0200, Ángel González wrote:
>> Replying to different mails:
>>> now what of abstract sockets? They are the same as unix domain but
>>> begin with \0. We could use this notation or choose an alternate way
>>> of express
On Wed, Jul 10, 2013 at 01:35:35PM +0200, Ángel González wrote:
> Replying to different mails:
> >now what of abstract sockets? They are the same as unix domain but
> >begin with \0. We could use this notation or choose an alternate way
> >of expressing it.
> > network unix name=\0foo,
> >or mayb
On 07/10/2013 04:35 AM, Ángel González wrote:
> Replying to different mails:
>> now what of abstract sockets? They are the same as unix domain but
>> begin with \0. We could use this notation or choose an alternate way
>> of expressing it.
>>network unix name=\0foo,
>> or maybe
>>network un
Replying to different mails:
now what of abstract sockets? They are the same as unix domain but
begin with \0. We could use this notation or choose an alternate way
of expressing it.
network unix name=\0foo,
or maybe
network unix abstract=foo,
Use an @, ie.
network unix @/tmp/.X11-unix/
On 07/05/2013 04:27 PM, Seth Arnold wrote:
> On Sun, Jun 30, 2013 at 03:07:38AM -0700, John Johansen wrote:
>>> You've very nearly convinced me that for the various forms of on-machine
>>> IPC pairing does not make a lot of sense and the automatic label mechanism
>>> is a better fit.
>>>
>> Ha! I h
On Sun, Jun 30, 2013 at 03:07:38AM -0700, John Johansen wrote:
> > You've very nearly convinced me that for the various forms of on-machine
> > IPC pairing does not make a lot of sense and the automatic label mechanism
> > is a better fit.
> >
> Ha! I haven't convinced myself. That is I know we c
So a quick summary for people to mull over on weekend
1. Pairing vs. no pairing
that is being able to tie mediation to both local and remote attributes
at the same time. The attributes don't have to be addresses, however
the subject labeling is implied (it's the profile the rule is defined
On Wed, Jul 03, 2013 at 01:06:50PM -0700, Casey Schaufler wrote:
> > What can we mediate with purely LSM hooks?
> >
> > - bind subject protocol
> > - bind subject address
> > - bind subject port
> > - bind subject interface
> > - listen
> > - listen queue length
> > - accept
> > - connect subject p
On 07/03/2013 01:06 PM, Casey Schaufler wrote:
> On 7/2/2013 11:43 PM, Seth Arnold wrote:
>> I wrote a long detailed response to your questions but realized after a
>> while that I was relying on some pretty huge assumptions on how the LSM
>> networking hooks interact with the secmark hooks.
>>
>>
On 7/2/2013 11:43 PM, Seth Arnold wrote:
> I wrote a long detailed response to your questions but realized after a
> while that I was relying on some pretty huge assumptions on how the LSM
> networking hooks interact with the secmark hooks.
>
> So, rather than send a long email based on probably in
On 07/03/2013 12:40 AM, John Johansen wrote:
> On 07/02/2013 11:45 PM, Steve Beattie wrote:
>> I'm coming into this thread a bit late, so my apologies if I'm being
>> truly dense here.
>>
>> On Mon, Jul 01, 2013 at 09:08:23PM -0700, John Johansen wrote:
>>> On 07/01/2013 05:35 PM, Tyler Hicks wrote
On 07/03/2013 01:15 AM, John Johansen wrote:
> On 07/02/2013 11:43 PM, Seth Arnold wrote:
>> I wrote a long detailed response to your questions but realized after a
>> while that I was relying on some pretty huge assumptions on how the LSM
>> networking hooks interact with the secmark hooks.
>>
>>
On 07/02/2013 11:43 PM, Seth Arnold wrote:
> I wrote a long detailed response to your questions but realized after a
> while that I was relying on some pretty huge assumptions on how the LSM
> networking hooks interact with the secmark hooks.
>
> So, rather than send a long email based on probably
On 07/02/2013 11:45 PM, Steve Beattie wrote:
> I'm coming into this thread a bit late, so my apologies if I'm being
> truly dense here.
>
> On Mon, Jul 01, 2013 at 09:08:23PM -0700, John Johansen wrote:
>> On 07/01/2013 05:35 PM, Tyler Hicks wrote:
>>> What about only allowing a single permission
I'm coming into this thread a bit late, so my apologies if I'm being
truly dense here.
On Mon, Jul 01, 2013 at 09:08:23PM -0700, John Johansen wrote:
> On 07/01/2013 05:35 PM, Tyler Hicks wrote:
> > What about only allowing a single permission per rule? That would ensure
> > that the rule is clear
I wrote a long detailed response to your questions but realized after a
while that I was relying on some pretty huge assumptions on how the LSM
networking hooks interact with the secmark hooks.
So, rather than send a long email based on probably incorrect
assumptions, I figured I better address th
On 07/01/2013 05:35 PM, Tyler Hicks wrote:
> On 2013-06-30 03:23:43, John Johansen wrote:
>> On 06/28/2013 11:55 PM, John Johansen wrote:
>>> On 06/28/2013 01:57 PM, Tyler Hicks wrote:
I had to trim this down and focus on one section that has been bothering
me. It is based upon the idea t
On 07/01/2013 06:27 PM, Seth Arnold wrote:
> On Fri, Jun 28, 2013 at 01:57:27PM -0700, Tyler Hicks wrote:
>> [...]
>> So let's add another twist to the profile. The screen locker only locks.
>> It launches a screen saver application that displays mesmerizing 3D
>> pipes that rapidly grow in every di
On Fri, Jun 28, 2013 at 01:57:27PM -0700, Tyler Hicks wrote:
> [...]
> So let's add another twist to the profile. The screen locker only locks.
> It launches a screen saver application that displays mesmerizing 3D
> pipes that rapidly grow in every direction. The screen locker must kill
> the screen
On 2013-06-30 03:23:43, John Johansen wrote:
> On 06/28/2013 11:55 PM, John Johansen wrote:
> > On 06/28/2013 01:57 PM, Tyler Hicks wrote:
> >> I had to trim this down and focus on one section that has been bothering
> >> me. It is based upon the idea that we can do away with pairing. While I
> >>
On 06/28/2013 11:55 PM, John Johansen wrote:
> On 06/28/2013 01:57 PM, Tyler Hicks wrote:
>> I had to trim this down and focus on one section that has been bothering
>> me. It is based upon the idea that we can do away with pairing. While I
>> mostly agree, DBus intricacies were making it difficult
On 06/28/2013 04:49 PM, Seth Arnold wrote:
> Impressive email, thanks.
>
> I can't begin to address all the open questions you raised, but we have
> to start somewhere, so here's my stab at what I felt was most important:
>
> Pairing
>
> You've very nearly convinced me that for the various forms
On 06/28/2013 01:57 PM, Tyler Hicks wrote:
> I had to trim this down and focus on one section that has been bothering
> me. It is based upon the idea that we can do away with pairing. While I
> mostly agree, DBus intricacies were making it difficult for me to
> understand what exactly we would be d
Impressive email, thanks.
I can't begin to address all the open questions you raised, but we have
to start somewhere, so here's my stab at what I felt was most important:
Pairing
You've very nearly convinced me that for the various forms of on-machine
IPC pairing does not make a lot of sense and
I had to trim this down and focus on one section that has been bothering
me. It is based upon the idea that we can do away with pairing. While I
mostly agree, DBus intricacies were making it difficult for me to
understand what exactly we would be doing away with.
On 2013-06-26 11:00:52, John Johan
So this is long and has taken far too long to write, I am sure there
are things I have missed and some of the logic may be missing. In fact
I don't really consider this email complete but we need to make a
decision asap, so
Let's look at this at a more generic layer and then start applying it
to oth