the latest Debian stable).
Cheers,
Kyle Moffett
-
To unsubscribe from this list: send the line unsubscribe linux-fsdevel in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
anyways
(B) It really is extremely unlikely that it fails (Think physical
hardware failure)
Anything else is just bogus.
Cheers,
Kyle Moffett
-
To unsubscribe from this list: send the line unsubscribe linux-fsdevel in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http
-level allocations of IPv4 space:
http://xkcd.com/195/
Cheers,
Kyle Moffett
-
To unsubscribe from this list: send the line unsubscribe linux-fsdevel in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
be interested in for a real networked
filesystem.
Cheers,
Kyle Moffett
-
To unsubscribe from this list: send the line unsubscribe linux-fsdevel in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
because it
was the first VFS call he needed to set a security context on. Next
would come anything which CacheFiles or NFSd call on the underlying
filesystem.
Cheers,
Kyle Moffett
-
To unsubscribe from this list: send the line unsubscribe linux-fsdevel in
the body of a message to [EMAIL
-generation
proposal which gets the locking right.
Cheers,
Kyle Moffett
-
To unsubscribe from this list: send the line unsubscribe linux-fsdevel in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
to the block layer, but blkmap sounds like
it is a map from the block to somewhere.
fsblkmap ;)
vmblock? pgblock?
Cheers,
Kyle Moffett
-
To unsubscribe from this list: send the line unsubscribe linux-fsdevel in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http
On Jun 19, 2007, at 03:58:57, Bron Gondwana wrote:
On Mon, Jun 18, 2007 at 11:10:42PM -0400, Kyle Moffett wrote:
On Jun 18, 2007, at 13:56:05, Bryan Henderson wrote:
The question remains is where to implement versioning: directly
in individual filesystems or in the vfs code so all filesystems
/dev/null device (and that's also not a question).
All opinions and comments welcomed.
Cheers,
Kyle Moffett
-
To unsubscribe from this list: send the line unsubscribe linux-fsdevel in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
them (like
SELinux labels).
Cheers,
Kyle Moffett
-
To unsubscribe from this list: send the line unsubscribe linux-fsdevel in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
to *work* with any
default-deny policy then you have to describe EVERYTHING anyways.
How exactly do you expect AppArmor to work if you don't allow users
to run /bin/passwd, for example.
Cheers,
Kyle Moffett
-
To unsubscribe from this list: send the line unsubscribe linux-fsdevel in
the body
On Jun 09, 2007, at 12:46:40, [EMAIL PROTECTED] wrote:
On Sat, 9 Jun 2007, Kyle Moffett wrote:
Typical targetted policies leave all user logins as
unrestricted, adding security for daemons but not getting in the
way of users who would otherwise turn SELinux off. On the other
hand
On Jun 09, 2007, at 13:32:05, [EMAIL PROTECTED] wrote:
On Sat, 9 Jun 2007, Kyle Moffett wrote:
On Jun 09, 2007, at 12:46:40, [EMAIL PROTECTED] wrote:
so as I understand this with SELinux you will have lots of labels
around your system (more as you lock down the system more) you
need
On May 28, 2007, at 06:41:11, Toshiharu Harada wrote:
2007/5/27, Kyle Moffett [EMAIL PROTECTED]:
If you can't properly manage your labels, then how do you expect
any security at all?
Please read my message again. I didn't say, This can never be
achieved. I said, This can not be easily
On May 28, 2007, at 16:38:38, Pavel Machek wrote:
Kyle Moffett wrote:
I am of the opinion that adding a name parameter to the file/
directory create actions would be useful. For example, with such
support you could actually specify a type-transition rule
conditional on a specific name
privileges based on boolean variables, something
that cannot be done if the privileges themselves are stored in the
filesystem. Finally, such an approach does not allow you to
differentiate between programs.
Cheers,
Kyle Moffett
-
To unsubscribe from this list: send the line unsubscribe linux
On May 27, 2007, at 03:25:27, Toshiharu Harada wrote:
2007/5/27, Kyle Moffett [EMAIL PROTECTED]:
On May 26, 2007, at 19:08:56, Toshiharu Harada wrote:
2007/5/27, James Morris [EMAIL PROTECTED]:
On Sat, 26 May 2007, Kyle Moffett wrote:
AppArmor). On the other hand, if you actually want
would either have to completely turn
off that security feature and lose most of the functionality of
TOMOYO Linux, or hard-code the list of realms into the policy file
and have to completely reload policy every time I need to add/remove
realms (big gaping security hole).
Cheers,
Kyle Moffett
On May 26, 2007, at 19:08:56, Toshiharu Harada wrote:
2007/5/27, James Morris [EMAIL PROTECTED]:
On Sat, 26 May 2007, Kyle Moffett wrote:
AppArmor). On the other hand, if you actually want to protect
the _data_, then tagging the _name_ is flawed; tag the *DATA*
instead.
Bingo
On May 26, 2007, at 22:37:02, [EMAIL PROTECTED] wrote:
On Sat, 26 May 2007 22:10:34 EDT, Kyle Moffett said:
On May 26, 2007, at 19:08:56, Toshiharu Harada wrote:
(1) Object labeling has a assumption that labels are always
properly defined and maintained. This can not be easily achieved
and the more
complicated stuff can come later.
Cheers,
Kyle Moffett
-
To unsubscribe from this list: send the line unsubscribe linux-fsdevel in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
hand, if you actually want
to protect the _data_, then tagging the _name_ is flawed; tag the
*DATA* instead.
Cheers,
Kyle Moffett
-
To unsubscribe from this list: send the line unsubscribe linux-fsdevel in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org
bptree to help prevent
confusion. A quick google search on bp-tree reveals only the perl B
+-tree module Tree::BPTree, a U-Maryland Java CS project on B+-
trees, and a news article about a BP tree-top protest.
Cheers,
Kyle Moffett
-
To unsubscribe from this list: send the line unsubscribe linux
the possibility of breaking existing
programs. On the other hand, it's not like we have any problems with
the syscall tables getting too large.
Cheers,
Kyle Moffett
-
To unsubscribe from this list: send the line unsubscribe linux-fsdevel in
the body of a message to [EMAIL PROTECTED]
More majordomo
24 matches
Mail list logo