Re: [AppArmor 01/41] Pass struct vfsmount to the inode_create LSM hook

2007-05-30 Thread Tetsuo Handa
Hello. Andreas Gruenbacher wrote: > I don't know what you are talking about -- the very first patch in the > AppArmor series adds the vfsmount parameter to security_inode_create(). I'm talking about "the current version" of AppArmor (I mean AppArmor available for OpenSuSE 10.1/10.2, but I

Re: [AppArmor 01/41] Pass struct vfsmount to the inode_create LSM hook

2007-05-29 Thread Andreas Gruenbacher
On Tuesday 29 May 2007 22:47, Tetsuo Handa wrote: > AppArmor can't determine which pathname (/tmp/public/file or > /tmp/secret/file) was requested by touch command if bound mount is used in > the following way > > # mkdir /tmp/public /tmp/secret > # mount -t tmpfs none /tmp/public > # mount

Re: [AppArmor 01/41] Pass struct vfsmount to the inode_create LSM hook

2007-05-29 Thread Tetsuo Handa
Hello. Andreas Gruenbacher wrote: > > But, from the pathname-based access control's point of view, > > bind mount interferes severely with pathname-based access control > > because it is impossible to determine which pathname was requested. > Wrong. It is very well possible to determine the path

Re: [AppArmor 01/41] Pass struct vfsmount to the inode_create LSM hook

2007-05-29 Thread James Morris
On Tue, 29 May 2007, Casey Schaufler wrote: > > Conventional UNIX's access control can't restrict > > which path_to_file can link with which another_path_to_file > > because UNIX's access control is a label-based access control. > > UNIX access control is attribute based, not label based. The >

Re: [AppArmor 01/41] Pass struct vfsmount to the inode_create LSM hook

2007-05-29 Thread Andreas Gruenbacher
On Tuesday 29 May 2007 12:46, Tetsuo Handa wrote: > But, from the pathname-based access control's point of view, > bind mount interferes severely with pathname-based access control > because it is impossible to determine which pathname was requested. Wrong. It is very well possible to determine

Re: [AppArmor 01/41] Pass struct vfsmount to the inode_create LSM hook

2007-05-29 Thread Casey Schaufler
--- Tetsuo Handa <[EMAIL PROTECTED]> wrote: > Conventional UNIX's access control can't restrict > which path_to_file can link with which another_path_to_file > because UNIX's access control is a label-based access control. UNIX access control is attribute based, not label based. The

Re: [AppArmor 01/41] Pass struct vfsmount to the inode_create LSM hook

2007-05-29 Thread Tetsuo Handa
Hello. Crispin Cowan wrote: > AppArmor actually does something similar to this, by mediating all of > the ways that you can make an alias to a file. These are: > > * Symbolic links: these actually don't work for making aliases with > respect to LSM-based security systems such as

Re: [AppArmor 01/41] Pass struct vfsmount to the inode_create LSM hook

2007-05-24 Thread Tetsuo Handa
Hello. I think bind mounts were discussed when shared subtree ( http://lwn.net/Articles/159092/ ) was introduced. For systems that allow users to mount their CD/DVDs freely, bind mounts are used and labeling files is a convenient way to deny access to somebody else's files. But systems that don't
