VFS helper functions and
LSM hooks seems to be a good choice to me.
Cheers,
Toshiharu Harada
-
To unsubscribe from this list: send the line "unsubscribe
linux-security-module" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
ale
> replacement, and especially not without a clear design that addresses
> clearly stated problems that lots of people are having.
We should not invent wheels, that is agreed by everyone, but if we try to share
something that we can not share, we will fail. From the fact existing
LSM d
On 10/30/2007 5:40 PM, Jan Engelhardt wrote:
On Oct 30 2007 12:23, Toshiharu Harada wrote:
Instead of pushing TOMOYO Linux, I started developing
comparison chart of security-enhanced Linux implementations.
The current version can be found in
http://tomoyo.sourceforge.jp/wiki-e/?WhatIs
ke to include opinions from BSD people.
I would like LSM to be the result of common requirements.
"Common" means good in general, but not always for security
perspective. IMHO, I think it is possible for us to get to the
conclusion not to have a framework.
Cheers (and with love to Li
inux is committed to help.
I mean, please count me in.
PS
Chris, I've been waiting for your comments for our code. :)
Regards,
Toshiharu Harada
k&exec)
/sbin/initlog (fork&exec)
/usr/sbin/cupsd (fork&exec)
/bin/bash (fork&exec)
/usr/lib/cups/backend/lpd (current process)
SELinux and other DTE implementations need domain definitions to work.
It is the administrator's task to design domains and name each domain.
TOMO
posted a RFC of TOMOYO Linux that is another
pathname-based MAC.
http://lkml.org/lkml/2007/6/13/58
AA and TOMOYO Linux have BoF sessions at OLS2007,
so it would be a great opportunity to *talk* over the issues.
What I want to say is "let's make progress and help each other
to make Linu
ed a RFC of TOMOYO Linux that is another
pathname-based MAC.
http://lkml.org/lkml/2007/6/13/58
AA and TOMOYO Linux have BoF sessions at OLS2007,
so it would be a great opportunity to *talk* over the issues.
What I want to say is "let's make progress and help each other
to make Linux better
Stephen Smalley wrote:
On Wed, 2007-06-13 at 23:22 +0900, Toshiharu Harada wrote:
2007/6/13, Stephen Smalley <[EMAIL PROTECTED]>:
On Wed, 2007-06-13 at 17:13 +0900, Toshiharu Harada wrote:
Here are examples:
/bin/bash process invoked from mingetty: /sbin/mingetty /bin/bash
/bin/bash p
Stephen,
Thank you for your interest and comment.
I'm beginning to feel that you might be misunderstanding
my message. Let me explain.
Stephen Smalley wrote:
On Wed, 2007-06-13 at 17:13 +0900, Toshiharu Harada wrote:
A couple of years ago, we tried to build a tool to generate
SELinux p
Linux kernel to keep "process invocation history" information
for each process. In that sense, TOMOYO Linux is just
a sample implementation.
Please take a look at the following message:
http://lkml.org/lkml/2007/6/13/58
Best regards,
Toshiharu Harada
Morris, thank you for your comment.
2007/6/14, James Morris <[EMAIL PROTECTED]>:
On Thu, 14 Jun 2007, Toshiharu Harada wrote:
> TOMOYO Linux has a mode called "learning"
> in addition to "permissive" and "enforce". You can easily
> get the TOMOYO L
2007/6/14, Rik van Riel <[EMAIL PROTECTED]>:
Toshiharu Harada wrote:
> 2007/6/14, Rik van Riel <[EMAIL PROTECTED]>:
> SELinux has a well designed robust and flexible functions.
> So it should be used for everywhere. I understand it.
> As you mentioned one can ana
omical car.
Volvo is known by its security, but we don't have to use only Volvo.
TOMOYO Linux and its underlying idea are free and
you don't have to find a garage. :-)
Cheers,
Toshiharu Harada
2007/6/13, Stephen Smalley <[EMAIL PROTECTED]>:
On Wed, 2007-06-13 at 17:13 +0900, Toshiharu Harada wrote:
> Here are examples:
> /bin/bash process invoked from mingetty: /sbin/mingetty /bin/bash
> /bin/bash process invoked from sshd: /usr/sbin/sshd /bin/bash
> /bin/bash pr
hen:
http://tomoyo.sourceforge.jp/cgi-bin/lxr/source/security/tomoyo/?v=linux-2.6.21.3-tomoyo-2.0
We will have a TOMOYO Linux BOF session at the OLS2007 (*5).
Please come along and let's talk.
Thank you.
Toshiharu Harada (project manager)
Tetsuo Handa (main architect, version 1
'm not talking about security here).
Not everybody can be a professional administrator, but he/she can be a
professional administrator of his/her system. I believe there must be
solutions for non-professional administrators. That's why we developed
TOMOYO Linux (http://tomoyo.sourceforge.jp/) an
2007/5/27, Kyle Moffett <[EMAIL PROTECTED]>:
On May 27, 2007, at 03:25:27, Toshiharu Harada wrote:
> 2007/5/27, Kyle Moffett <[EMAIL PROTECTED]>:
How is that argument not trivially circular? "Foo has an assumption
that foo-property is always properly defined and maintai
2007/5/27, Kyle Moffett <[EMAIL PROTECTED]>:
On May 26, 2007, at 19:08:56, Toshiharu Harada wrote:
> 2007/5/27, James Morris <[EMAIL PROTECTED]>:
>> On Sat, 26 May 2007, Kyle Moffett wrote:
>>> AppArmor). On the other hand, if you actually want to protect
>>&
abel is something like inventing and assigning
a *new* name (label name) to objects which can cause flaws.
I'm not saying labeled security or SELinux is wrong. I just wanted to
remind that the important part is the "process" not the "result". :-)
--
Toshiharu Harada
[E
besides "pathname based MAC".
So here's my opinion. If anybody can't explain clear reason (or needs)
to keep these ambiguities unsolved, we should consider to merge
the proposal.
Thanks.
--
Toshiharu Harada
[EMAIL PROTECTED]