Re: [AppArmor 39/45] AppArmor: Profile loading and manipulation, pathname matching

2007-06-08 Thread Sean
On Fri, 8 Jun 2007 22:18:40 -0700 (PDT) [EMAIL PROTECTED] wrote: > the way I would describe the difference between AA and SELinux is: > > SELinux is like a default allow IPS system, you have to describe > EVERYTHING to the system so that it knows what to allow and what to stop. > > AA is like a

Re: [AppArmor 39/45] AppArmor: Profile loading and manipulation, pathname matching

2007-06-08 Thread david
On Fri, 8 Jun 2007, Greg KH wrote: I still want to see a definition of the AA "model" that we can then use to try to implement using whatever solution works best. As that seems to be missing the current argument of if AA can or can not be implemented using SELinux or something totally different

Re: [PATCH] RFC: have tcp_recvmsg() check kthread_should_stop() and treat it as if it were signalled

2007-06-08 Thread Herbert Xu
Please cc networking patches to [EMAIL PROTECTED] Jeff Layton <[EMAIL PROTECTED]> wrote: > > The following patch is a first stab at removing this need. It makes it > so that in tcp_recvmsg() we also check kthread_should_stop() at any > point where we currently check to see if the task was signall

Re: [AppArmor 39/45] AppArmor: Profile loading and manipulation, pathname matching

2007-06-08 Thread david
On Fri, 8 Jun 2007, Greg KH wrote: On Sat, Jun 09, 2007 at 12:03:57AM +0200, Andreas Gruenbacher wrote: AppArmor is meant to be relatively easy to understand, manage, and customize, and introducing a labels layer wouldn't help these goals. Woah, that describes the userspace side of AA just fi

Re: [AppArmor 39/45] AppArmor: Profile loading and manipulation, pathname matching

2007-06-08 Thread Greg KH
On Sat, Jun 09, 2007 at 12:03:57AM +0200, Andreas Gruenbacher wrote: > AppArmor is meant to be relatively easy to understand, manage, and customize, > and introducing a labels layer wouldn't help these goals. Woah, that describes the userspace side of AA just fine, it means nothing when it comes

[PATCH 2/5] locks: provide a file lease method enabling cluster-coherent leases

2007-06-08 Thread J. Bruce Fields
From: J. Bruce Fields <[EMAIL PROTECTED]> Currently leases are only kept locally, so there's no way for a distributed filesystem to enforce them against multiple clients. We're particularly interested in the case of nfsd exporting a cluster filesystem, in which case nfsd needs cluster-coherent le

[PATCH 3/5] locks: rename lease functions to reflect locks.c conventions

2007-06-08 Thread J. Bruce Fields
From: J. Bruce Fields <[EMAIL PROTECTED]> We've been using the convention that vfs_foo is the function that calls a filesystem-specific foo method if it exists, or falls back on a generic method if it doesn't. So rename setlease to vfs_setlease, and __setlease to setlease. Keep setlease exported

[PATCH 1/5] locks: share more common lease code

2007-06-08 Thread J. Bruce Fields
From: J. Bruce Fields <[EMAIL PROTECTED]> Share more code between setlease (used by nfsd) and fcntl. Also some minor cleanup. Signed-off-by: "J. Bruce Fields" <[EMAIL PROTECTED]> --- fs/locks.c | 30 ++ 1 files changed, 10 insertions(+), 20 deletions(-) diff --git

[PATCH 5/5] nfs: disable leases over NFS

2007-06-08 Thread J. Bruce Fields
From: J. Bruce Fields <[EMAIL PROTECTED]> As Peter Staubach says elsewhere (http://marc.info/?l=linux-kernel&m=118113649526444&w=2): > The problem is that some file system such as NFSv2 and NFSv3 do > not have sufficient support to be able to support leases correctly. > In particular for these tw

[PATCH 4/5] gfs2: stop giving out non-cluster-coherent leases

2007-06-08 Thread J. Bruce Fields
From: Marc Eshel <[EMAIL PROTECTED]> Since gfs2 can't prevent conflicting opens or leases on other nodes, we probably shouldn't allow it to give out leases at all. Put the newly defined lease operation into use in gfs2 by turning off lease, unless we're using the "nolock" locking module (in which

[no subject]

2007-06-08 Thread J. Bruce Fields
J. Bruce Fields <[EMAIL PROTECTED]> wrote: > OK, good. I'll revise and post a new series. (Do people prefer > another mailbomb or a git url?) OK, I went for the former; if you'd rather get this out of git, you can git clone http://www.linux-nfs.org/~bfields/linux.git git checko

Re: [AppArmor 39/45] AppArmor: Profile loading and manipulation, pathname matching

2007-06-08 Thread Andreas Gruenbacher
On Wednesday 06 June 2007 15:26, Stephen Smalley wrote: > On Mon, 2007-06-04 at 23:03 +0200, Andreas Gruenbacher wrote: > > [...] SELinux turns pathnames into labels when it > > initially labels all files (when a policy is rolled out), whereas > > AppArmor computes the "label" of each file when a f

[PATCH] RFC: have tcp_recvmsg() check kthread_should_stop() and treat it as if it were signalled

2007-06-08 Thread Jeff Layton
This one's sort of outside my normal area of expertise so sending this as an RFC to gather feedback on the idea. Some background: The cifs_mount() and cifs_umount() functions currently send a signal to the cifsd kthread prior to calling kthread_stop on it. The reasoning is apparently that it's li