Re: TOMOYO Linux Security Goal

2007-12-29 Thread Valdis . Kletnieks
On Sun, 30 Dec 2007 14:29:50 +0900, Tetsuo Handa said:
> Use of "learning mode" is independent from "correct policy".

My point *exactly*.

> The "learning mode" merely takes your duty of appending permissions to policy.
> We can develop and share procedures for how to exercise infrequently used c

Re: TOMOYO Linux Security Goal

2007-12-29 Thread Tetsuo Handa
Hello.

[EMAIL PROTECTED] wrote:
> Please make a *big* notation someplace that "learning mode" is quite likely to
> *not* produce a totally correct policy. In particular, it won't build rules for
> infrequently used code paths (such as error handling) unless you find a way to
> exercise those p

Re: [PATCH] security: remove security_sb_post_mountroot hook

2007-12-29 Thread James Morris
On Sat, 29 Dec 2007, H. Peter Anvin wrote:
> The security_sb_post_mountroot() hook is long-since obsolete, and is
> fundamentally broken: it is never invoked if someone uses initramfs.
> This is particularly damaging, because the existence of this hook has
> been used as motivation for not using i

Re: [PATCH] security: remove security_sb_post_mountroot hook

2007-12-29 Thread Casey Schaufler
--- "H. Peter Anvin" <[EMAIL PROTECTED]> wrote:
> The security_sb_post_mountroot() hook is long-since obsolete, and is
> fundamentally broken: it is never invoked if someone uses initramfs.
> This is particularly damaging, because the existence of this hook has
> been used as motivation for not u

[PATCH] security: remove security_sb_post_mountroot hook

2007-12-29 Thread H. Peter Anvin
The security_sb_post_mountroot() hook is long-since obsolete, and is fundamentally broken: it is never invoked if someone uses initramfs. This is particularly damaging, because the existence of this hook has been used as motivation for not using initramfs. Stephen Smalley confirmed on 2007-07-19 t

Re: TOMOYO Linux Security Goal

2007-12-29 Thread Pavel Machek
On Fri 2007-12-28 12:23:51, [EMAIL PROTECTED] wrote:
> On Fri, 28 Dec 2007 23:32:09 +0900, Tetsuo Handa said:
>
> > You can run your system with only policy collected by learning mode.
> > Thus, you basically don't need manual intervention.
> > But since there are randomly named files (i.e. tempor