Re: [PATCH] fs: Correct SuS compliance for open of large file without options

2007-09-27 Thread Kyle Moffett
the latest Debian stable). Cheers, Kyle Moffett - To unsubscribe from this list: send the line unsubscribe linux-fsdevel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html

Re: [PATCH 10/25] Unionfs: add un/likely conditionals on copyup ops

2007-09-26 Thread Kyle Moffett
anyways (B) It really is extremely unlikely that it fails (Think physical hardware failure) Anything else is just bogus. Cheers, Kyle Moffett

Re: [00/41] Large Blocksize Support V7 (adds memmap support)

2007-09-24 Thread Kyle Moffett
-level allocations of IPv4 space: http://xkcd.com/195/ Cheers, Kyle Moffett

Re: Distributed storage. Move away from char device ioctls.

2007-09-16 Thread Kyle Moffett
be interested in for a real networked filesystem. Cheers, Kyle Moffett

Re: Adding a security parameter to VFS functions

2007-08-16 Thread Kyle Moffett
because it was the first VFS call he needed to set a security context on. Next would come anything which CacheFiles or NFSd call on the underlying filesystem. Cheers, Kyle Moffett

Re: [AppArmor 00/44] AppArmor security module overview

2007-06-27 Thread Kyle Moffett
-generation proposal which gets the locking right. Cheers, Kyle Moffett

Re: [RFC] fsblock

2007-06-27 Thread Kyle Moffett
to the block layer, but blkmap sounds like it is a map from the block to somewhere. fsblkmap ;) vmblock? pgblock? Cheers, Kyle Moffett

Re: Versioning file system

2007-06-19 Thread Kyle Moffett
On Jun 19, 2007, at 03:58:57, Bron Gondwana wrote: On Mon, Jun 18, 2007 at 11:10:42PM -0400, Kyle Moffett wrote: On Jun 18, 2007, at 13:56:05, Bryan Henderson wrote: The question remains is where to implement versioning: directly in individual filesystems or in the vfs code so all filesystems

Re: Versioning file system

2007-06-18 Thread Kyle Moffett
/dev/null device (and that's also not a question). All opinions and comments welcomed. Cheers, Kyle Moffett

Re: Versioning file system

2007-06-18 Thread Kyle Moffett
them (like SELinux labels). Cheers, Kyle Moffett

Re: [AppArmor 39/45] AppArmor: Profile loading and manipulation, pathname matching

2007-06-09 Thread Kyle Moffett
to *work* with any default-deny policy then you have to describe EVERYTHING anyways. How exactly do you expect AppArmor to work if you don't allow users to run /bin/passwd, for example. Cheers, Kyle Moffett

Re: [AppArmor 39/45] AppArmor: Profile loading and manipulation, pathname matching

2007-06-09 Thread Kyle Moffett
On Jun 09, 2007, at 12:46:40, [EMAIL PROTECTED] wrote: On Sat, 9 Jun 2007, Kyle Moffett wrote: Typical targeted policies leave all user logins as unrestricted, adding security for daemons but not getting in the way of users who would otherwise turn SELinux off. On the other hand

Re: [AppArmor 39/45] AppArmor: Profile loading and manipulation, pathname matching

2007-06-09 Thread Kyle Moffett
On Jun 09, 2007, at 13:32:05, [EMAIL PROTECTED] wrote: On Sat, 9 Jun 2007, Kyle Moffett wrote: On Jun 09, 2007, at 12:46:40, [EMAIL PROTECTED] wrote: so as I understand this with SELinux you will have lots of labels around your system (more as you lock down the system more) you need

Re: [AppArmor 01/41] Pass struct vfsmount to the inode_create LSM hook

2007-05-28 Thread Kyle Moffett
On May 28, 2007, at 06:41:11, Toshiharu Harada wrote: 2007/5/27, Kyle Moffett [EMAIL PROTECTED]: If you can't properly manage your labels, then how do you expect any security at all? Please read my message again. I didn't say, This can never be achieved. I said, This can not be easily

Re: [AppArmor 01/41] Pass struct vfsmount to the inode_create LSM hook

2007-05-28 Thread Kyle Moffett
On May 28, 2007, at 16:38:38, Pavel Machek wrote: Kyle Moffett wrote: I am of the opinion that adding a name parameter to the file/directory create actions would be useful. For example, with such support you could actually specify a type-transition rule conditional on a specific name

Re: [AppArmor 01/41] Pass struct vfsmount to the inode_create LSM hook

2007-05-27 Thread Kyle Moffett
privileges based on boolean variables, something that cannot be done if the privileges themselves are stored in the filesystem. Finally, such an approach does not allow you to differentiate between programs. Cheers, Kyle Moffett

Re: [AppArmor 01/41] Pass struct vfsmount to the inode_create LSM hook

2007-05-27 Thread Kyle Moffett
On May 27, 2007, at 03:25:27, Toshiharu Harada wrote: 2007/5/27, Kyle Moffett [EMAIL PROTECTED]: On May 26, 2007, at 19:08:56, Toshiharu Harada wrote: 2007/5/27, James Morris [EMAIL PROTECTED]: On Sat, 26 May 2007, Kyle Moffett wrote: AppArmor). On the other hand, if you actually want

Re: Pass struct vfsmount to the inode_create LSM hook

2007-05-26 Thread Kyle Moffett
would either have to completely turn off that security feature and lose most of the functionality of TOMOYO Linux, or hard-code the list of realms into the policy file and have to completely reload policy every time I need to add/remove realms (big gaping security hole). Cheers, Kyle Moffett

Re: [AppArmor 01/41] Pass struct vfsmount to the inode_create LSM hook

2007-05-26 Thread Kyle Moffett
On May 26, 2007, at 19:08:56, Toshiharu Harada wrote: 2007/5/27, James Morris [EMAIL PROTECTED]: On Sat, 26 May 2007, Kyle Moffett wrote: AppArmor). On the other hand, if you actually want to protect the _data_, then tagging the _name_ is flawed; tag the *DATA* instead. Bingo

Re: [AppArmor 01/41] Pass struct vfsmount to the inode_create LSM hook

2007-05-26 Thread Kyle Moffett
On May 26, 2007, at 22:37:02, [EMAIL PROTECTED] wrote: On Sat, 26 May 2007 22:10:34 EDT, Kyle Moffett said: On May 26, 2007, at 19:08:56, Toshiharu Harada wrote: (1) Object labeling has an assumption that labels are always properly defined and maintained. This can not be easily achieved

Re: [PATCH] AFS: Implement file locking

2007-05-25 Thread Kyle Moffett
and the more complicated stuff can come later. Cheers, Kyle Moffett

Re: [AppArmor 01/41] Pass struct vfsmount to the inode_create LSM hook

2007-05-25 Thread Kyle Moffett
hand, if you actually want to protect the _data_, then tagging the _name_ is flawed; tag the *DATA* instead. Cheers, Kyle Moffett

Re: [PATCH] LogFS take three

2007-05-17 Thread Kyle Moffett
bptree to help prevent confusion. A quick google search on bp-tree reveals only the perl B+-tree module Tree::BPTree, a U-Maryland Java CS project on B+-trees, and a news article about a BP tree-top protest. Cheers, Kyle Moffett

Re: [RFC/PATCH] revokeat/frevoke system calls V5

2007-02-26 Thread Kyle Moffett
the possibility of breaking existing programs. On the other hand, it's not like we have any problems with the syscall tables getting too large. Cheers, Kyle Moffett