On Tue, Apr 17, 2007 at 12:56:24PM -0400, Shaya Potter wrote:
Bharata B Rao wrote:
No. foo is not visible. While looking for a file in a union mounted
directory, the lookup starts from the topmost directory and proceeds
downwards if the file isn't present the top layers. If a whiteout is
On Tue, April 17, 2007 23:55, Karl MacMillan wrote:
On Mon, 2007-04-16 at 20:20 -0400, James Morris wrote:
On Mon, 16 Apr 2007, John Johansen wrote:
Label-based security (exemplified by SELinux, and its predecessors in
MLS systems) attaches security policy to the data. As the data flows
On Wed, 18 Apr 2007, David Lang wrote:
SELinux is designed to be able to make the box safe against root, AA is
designed to let the admin harden exposed apps without having to think about
the other things on the system.
This is not correct.
SELinux was designed as an access control framework
On Tue, 17 Apr 2007, Alan Cox wrote:
I'm not sure if AppArmor can be made good security for the general case,
but it is a model that works in the limited http environment
(eg .htaccess) and is something people can play with and hack on and may
be possible to configure to be very secure.
On Wed, 2007-04-18 at 11:11 +0200, Miklos Szeredi wrote:
I've tried to make this unprivileged mount thing as simple as
possible, and no simpler. If we can make it even simpler, all the
better.
We are certainly much more complex then the code in plan9 (just
read through it) so I
I've tried to make this unprivileged mount thing as simple as
possible, and no simpler. If we can make it even simpler, all the
better.
We are certainly much more complex then the code in plan9 (just
read through it) so I think we have room for improvement.
Just for
James Morris wrote:
On Tue, 17 Apr 2007, Alan Cox wrote:
I'm not sure if AppArmor can be made good security for the general case,
but it is a model that works in the limited http environment
(eg .htaccess) and is something people can play with and hack on and may
be possible to configure to be
On Wed, 2007-04-18 at 16:03 +0200, Miklos Szeredi wrote:
Don't forget that almost all mount flags are per-superblock. How are you
planning on dealing with the case that one user mounts a filesystem
read-only, while another is trying to mount the same one read-write?
Yeah, I forgot, the
On Wed, Apr 18, 2007 at 10:26:29AM -0400, Trond Myklebust wrote:
That doesn't really change my agrument though. _If_ the flag is per
mount, then it makes sense to be able to change it on a master and not
on a slave. If mount flags are propagated, this is not possible.
Read-only isn't
Don't forget that almost all mount flags are per-superblock. How are you
planning on dealing with the case that one user mounts a filesystem
read-only, while another is trying to mount the same one read-write?
Yeah, I forgot, the per-mount read-only patches are not yet in.
That
Hi Al,
What d_xxx() functions should I call at the end of a filesystem mkdir() op?
It would seem that I've got two choices:
(1) just d_instantiate() (as ext2), or
(2) d_instantiate() and d_rehash() both (as NFS).
If I pick (1), then if I do:
mkdir
Miklos Szeredi [EMAIL PROTECTED] writes:
I've tried to make this unprivileged mount thing as simple as
possible, and no simpler. If we can make it even simpler, all the
better.
We are certainly much more complex then the code in plan9 (just
read through it) so I think we have room for
I've tried to make this unprivileged mount thing as simple as
possible, and no simpler. If we can make it even simpler, all the
better.
We are certainly much more complex then the code in plan9 (just
read through it) so I think we have room for improvement.
Just for reference
Hi all,
first, please excuse me if this is a very dump question...
I use Linux (inter alia) on an ARM9 system which is attached to a
measurement device. The device produces a new data set of ~10 kByte about
every 20 seconds, and the ARM system stores the data on a 1GB SD card
attached to
On Wed, 2007-04-18 at 11:19 +0200, Miklos Szeredi wrote:
Allowing this and other flags to NOT be propagated just makes it
possible to have a set of shared mounts with asymmetric properties,
which may actually be desirable.
The shared mount feature was designed to ensure that the
On Wed, 2007-04-18 at 21:14 +0200, Miklos Szeredi wrote:
As I said earlier, I see a case where two mounts that are peers of each
other can become un-identical if we dont propagate the allowusermnt.
As a practical example.
/tmp and /mnt are peers of each other.
/tmp has its
On Wed, 18 Apr 2007, Crispin Cowan wrote:
Please explain why labels are necessary for effective confinement. Many
systems besides AppArmor have used non-label schemes for effective
confinement: TRON, Janus, LIDS, Systrace, BSD Jail, EROS, PSOS, KeyOS,
AS400, to name just a few. This claim seems
On Wed, 18 Apr 2007, James Morris wrote:
On Tue, 17 Apr 2007, Alan Cox wrote:
I'm not sure if AppArmor can be made good security for the general case,
but it is a model that works in the limited http environment
(eg .htaccess) and is something people can play with and hack on and may
be
On Wed, 18 Apr 2007, Crispin Cowan wrote:
James Morris wrote:
On Tue, 17 Apr 2007, Alan Cox wrote:
I'm not sure if AppArmor can be made good security for the general case,
but it is a model that works in the limited http environment
(eg .htaccess) and is something people can play
On Wed, Apr 18, 2007 at 07:58:40PM +0200, Albrecht Dreß wrote:
- Are there known issues with VFAT in 2.6.11 which might lead to the
observed problems? Were they fixed?
- Is it possible to change the block size in ext2 to 16k (to match the SD
card's erase block size)?
Flash cards tend to
On Apr 16, 2007 18:01 +1000, Timothy Shimmin wrote:
--On 12 April 2007 5:05:50 AM -0600 Andreas Dilger [EMAIL PROTECTED]
wrote:
struct fiemap_extent {
__u64 fe_start; /* starting offset in bytes */
__u64 fe_len; /* length in bytes */
}
struct
On Apr 16, 2007 21:22 +1000, David Chinner wrote:
On Thu, Apr 12, 2007 at 05:05:50AM -0600, Andreas Dilger wrote:
struct fiemap_extent {
__u64 fe_start; /* starting offset in bytes */
__u64 fe_len; /* length in bytes */
}
struct fiemap {
On Wed, Apr 18, 2007 at 06:21:39PM -0600, Andreas Dilger wrote:
On Apr 16, 2007 21:22 +1000, David Chinner wrote:
On Thu, Apr 12, 2007 at 05:05:50AM -0600, Andreas Dilger wrote:
struct fiemap_extent {
__u64 fe_start; /* starting offset in bytes */
__u64 fe_len;
23 matches
Mail list logo