On Monday 02 July 2007 22:15, Christoph Hellwig wrote:
AA on the other hand just fucks up VFS layering [...]
Oh come on, this claim clearly isn't justified. How on earth is passing
vfsmounts down the lsm hooks supposed to break vfs layering? We are not
proposing to pass additional information
Adrian Bunk [EMAIL PROTECTED] writes:
On Tue, Jun 26, 2007 at 07:47:00PM -0700, Andrew Morton wrote:
On Tue, 26 Jun 2007 19:24:03 -0700 John Johansen [EMAIL PROTECTED] wrote:
so... where do we stand with this? Fundamental, irreconcilable
differences over the use of pathname-based
--- Eric W. Biederman [EMAIL PROTECTED] wrote:
A couple of random thoughts to mix up this discussion.
From what I have been able to observe the LSM is roughly firewalls
rules for in box operations. All it can do is increase the chances
you will get -EPERM.
More likely -EACCES, but
On Mon, Jul 02, 2007 at 12:31:49PM -0700, Casey Schaufler wrote:
It's true that the code review for AppArmor has proven difficult.
That's going to be true of any change to the vfs layer, for any
reason. Have someone who was there tell you about the original XFS
proposals some time. Again, it's
Anyone can apply the apparmour patch to their tree, they get the
choice that way. Nobody is currently prevented from using apparmour
if they want to, any such suggestion is pure rubbish.
The exact same argument was made prior to SELinux going upstream.
It's made for everything before it
On Tue, Jun 26, 2007 at 07:47:00PM -0700, Andrew Morton wrote:
On Tue, 26 Jun 2007 19:24:03 -0700 John Johansen [EMAIL PROTECTED] wrote:
so... where do we stand with this? Fundamental, irreconcilable
differences over the use of pathname-based security?
There certainly seems to
On Jun 26, 2007, at 22:24:03, John Johansen wrote:
other issues that have been raised are:
- the use of d_path to generate the pathname used for mediation when a
file is opened.
- Generating the pathname using a reverse walk is considered ugly
A little more than ugly. In this basic
On Wednesday 27 June 2007 12:58, Kyle Moffett wrote:
I seem to recall you could actually end up racing and building a path
to the file in those directories as a/d/0/3 or some other path at
which it never even remotely existed. I'd love to be wrong,
Cheer up, you recall wrong.
but I can't
On Tue, Jun 26, 2007 at 07:47:00PM -0700, Andrew Morton wrote:
On Tue, 26 Jun 2007 19:24:03 -0700 John Johansen [EMAIL PROTECTED] wrote:
so... where do we stand with this? Fundamental, irreconcilable
differences over the use of pathname-based security?
There certainly seems to
Adrian Bunk wrote:
On Tue, Jun 26, 2007 at 07:47:00PM -0700, Andrew Morton wrote:
Do you agree with the irreconcilable part? I think I do.
I am hoping for a reconciliation where the people who don't like
AppArmor live with it by not using it. AppArmor is not intended to
replace SELinux, it
On Wed, 27 Jun 2007 14:06:04 -0700
Crispin Cowan [EMAIL PROTECTED] wrote:
I am hoping for a reconciliation where the people who don't like
AppArmor live with it by not using it. AppArmor is not intended to
replace SELinux, it is intended to address a different set of goals.
You keep saying
Sean wrote:
On Wed, 27 Jun 2007 14:06:04 -0700
Crispin Cowan [EMAIL PROTECTED] wrote:
I am hoping for a reconciliation where the people who don't like
AppArmor live with it by not using it. AppArmor is not intended to
replace SELinux, it is intended to address a different set of goals.
From: Crispin Cowan [EMAIL PROTECTED]
Date: Wed, 27 Jun 2007 15:46:57 -0700
But we do not want to prevent other people from using SELinux if it
suits them. Linux is about choice, and that is especially vital in
security. As Linus himself observed when LSM was started, there are a
lot of
--- David Miller [EMAIL PROTECTED] wrote:
From: Crispin Cowan [EMAIL PROTECTED]
Date: Wed, 27 Jun 2007 15:46:57 -0700
But we do not want to prevent other people from using SELinux if it
suits them. Linux is about choice, and that is especially vital in
security. As Linus himself
From: Casey Schaufler [EMAIL PROTECTED]
Date: Wed, 27 Jun 2007 17:27:17 -0700 (PDT)
--- David Miller [EMAIL PROTECTED] wrote:
Neither of those are reasons why something should go into the tree.
They reflect the corporate reality of the open source community.
If you're going to go down
Any chance you can remove linux-fsdevel from the CC list? I don't think this
has anything to do with filesystems.
Cheers, Andreas
--
Andreas Dilger
Principal Software Engineer
Cluster File Systems, Inc.
This post contains patches to include the AppArmor application security
framework, with request for inclusion into -mm for wider testing.
These patches are currently against lkml but we will gladly rebase them
against -mm so that they will apply cleanly.
Any comments and feedback to improve
On Tue, 26 Jun 2007 16:07:56 -0700
[EMAIL PROTECTED] wrote:
This post contains patches to include the AppArmor application security
framework, with request for inclusion into -mm for wider testing.
Patches 24 and 31 didn't come through.
Rolled-up diffstat (excluding 24&31):
fs/attr.c
On Tue, Jun 26, 2007 at 04:52:02PM -0700, Andrew Morton wrote:
On Tue, 26 Jun 2007 16:07:56 -0700
[EMAIL PROTECTED] wrote:
This post contains patches to include the AppArmor application security
framework, with request for inclusion into -mm for wider testing.
Patches 24 and 31 didn't
On Tue, 26 Jun 2007 19:24:03 -0700 John Johansen [EMAIL PROTECTED] wrote:
so... where do we stand with this? Fundamental, irreconcilable
differences over the use of pathname-based security?
There certainly seems to be some differences of opinion over the use
of