On Monday 11 June 2007 16:33, Stephen Smalley wrote:
> From a userland perspective, audit and inotify allow you to specify
> watches on pathnames, and those watches trigger actions by the audit and
> inotify subsystems when those files are accessed. The kernel mechanism
> however is inode-based, no
Quoting Karl MacMillan ([EMAIL PROTECTED]):
> On Tue, 2007-06-12 at 10:34 -0500, Serge E. Hallyn wrote:
> > Quoting Stephen Smalley ([EMAIL PROTECTED]):
>
> [...]
>
> > >
> > > If we added support for named type transitions to SELinux, as proposed
> > > earlier by Kyle Moffett during this discus
On Tue, 2007-06-12 at 10:34 -0500, Serge E. Hallyn wrote:
> Quoting Stephen Smalley ([EMAIL PROTECTED]):
[...]
> >
> > If we added support for named type transitions to SELinux, as proposed
> > earlier by Kyle Moffett during this discussion, wouldn't that address
> > that issue without needing a
On 2007-06-10T23:05:47, Pavel Machek <[EMAIL PROTECTED]> wrote:
> But you have that regex in _user_ space, in a place where policy
> is loaded into kernel.
>
> AA has regex parser in _kernel_ space, which is very wrong.
That regex parser only applies user defined policy. The logical
connection b
Quoting Stephen Smalley ([EMAIL PROTECTED]):
> On Mon, 2007-06-11 at 14:02 -0500, Serge E. Hallyn wrote:
> > Quoting Andreas Gruenbacher ([EMAIL PROTECTED]):
> > > On Monday 11 June 2007 16:33, Stephen Smalley wrote:
> > > > On Mon, 2007-06-11 at 01:10 +0200, Andreas Gruenbacher wrote:
> > > > > On
On Mon, 2007-06-11 at 17:55 +0200, Andreas Gruenbacher wrote:
> On Monday 11 June 2007 16:33, Stephen Smalley wrote:
> > On Mon, 2007-06-11 at 01:10 +0200, Andreas Gruenbacher wrote:
> > > On Wednesday 06 June 2007 15:09, Stephen Smalley wrote:
> > > > On Mon, 2007-06-04 at 16:30 +0200, Andreas Gru
Hi!
> > > > How will kernel work with very long paths? I'd suspect some problems,
> > > > if path is 1MB long and I attempt to print it in /proc
> > > > somewhere.
> > >
> > > Pathnames are only used for informational purposes in the kernel, except
> > > in AppArmor of course. /proc only uses pa
On Mon, 2007-06-11 at 14:02 -0500, Serge E. Hallyn wrote:
> Quoting Andreas Gruenbacher ([EMAIL PROTECTED]):
> > On Monday 11 June 2007 16:33, Stephen Smalley wrote:
> > > On Mon, 2007-06-11 at 01:10 +0200, Andreas Gruenbacher wrote:
> > > > On Wednesday 06 June 2007 15:09, Stephen Smalley wrote:
>