On Fri, 2004-08-20 at 00:19, Hans Reiser wrote:
George Beshers wrote:
Masked Processes
- May not create hard links.
- Child processes [of a masked process] must inherit the parent's
mask bit and mask definition.
remind me - what is the mask tied to? UID/GID, EUID, PID, PGID?
On Fri, 2004-08-20 at 00:52, Hans Reiser wrote:
David Greaves wrote:
David
PS can I offer 'mask specification' (shortened to maskspec above)
instead of 'presentation mask' for the glossary.
Glossary? of?
Instead of mask specification, just say mask.
I think I like mask more
Lamont R. Peterson wrote:
On Fri, 2004-08-20 at 00:19, Hans Reiser wrote:
George Beshers wrote:
Masked Processes
- May not create hard links.
- Child processes [of a masked process] must inherit the parent's
mask bit and mask definition.
remind me - what is the mask tied to?
Hans Reiser wrote:
Lamont R. Peterson wrote:
On Fri, 2004-08-20 at 00:19, Hans Reiser wrote:
George Beshers wrote:
Masked Processes
- May not create hard links.
- Child processes [of a masked process] must inherit the parent's
mask bit and mask definition.
remind me - what is the mask tied
George Beshers wrote:
Hans Reiser wrote:
Lamont R. Peterson wrote:
On Fri, 2004-08-20 at 00:19, Hans Reiser wrote:
George Beshers wrote:
Masked Processes
- May not create hard links.
- Child processes [of a masked process] must inherit the
parent's mask bit and mask definition.
remind me -
Hans Reiser wrote:
George Beshers wrote:
Still, a batch mode for production servers is a concept that should
not be
discarded too quickly as static masks would certainly support a more
efficient implementation
I dispute this point. What do you think would be more efficient than
reiser4
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Lamont R. Peterson wrote:
| On Fri, 2004-08-20 at 00:52, Hans Reiser wrote:
|
|David Greaves wrote:
|
|
|David
|PS can I offer 'mask specification' (shortened to maskspec above)
|instead of 'presentation mask' for the glossary.
|
|
|
|Glossary? of?
|
George Beshers wrote:
Hans Reiser wrote:
George Beshers wrote:
Still, a batch mode for production servers is a concept that
should not be
discarded too quickly as static masks would certainly support a more
efficient implementation
I dispute this point. What do you think would be more
We only do filesystem isolation because that is our specialty,
filesystems, and it is better to do less well.
We fundamentally differ from other approaches because I don't think the
problem is in developing tools to allow people to fine grain security if
they take the time to do it, I think
Hans Reiser wrote:
We only do filesystem isolation because that is our specialty,
filesystems, and it is better to do less well.
We fundamentally differ from other approaches because I don't think the
problem is in developing tools to allow people to fine grain security if
they take the time
The LSM paper cited (that does not require paying money) says very
little about what they do with regards to the filesystem. Do you have a
more informative URL?
Hans Reiser wrote:
The LSM paper cited (that does not require paying money) says very
little about what they do with regards to the filesystem. Do you have a
more informative URL?
Okay. Here's what I found with a few clicks in Google. None of these will describe
exactly what you want to do.
The LSM paper cited (that does not require paying money) says very
little about what they do with regards to the filesystem. Do you have a
more informative URL?
Here's a concrete example of an LSM directory jail implementation. Not all the
features I think you're aiming for but it is
George Beshers wrote:
Ah, I suspect that this disagreement has more to do with:
What should go into the proof of concept implementation?
vs.
What is needed to win Linux community support?
Hans Reiser wrote:
George Beshers wrote:
include .|..|[ac-z][b-z][a-qs-z]|...+
A moments thought and
The honest answer is that it has been over a year since I looked at the
SELinux
stuff. It is on my to-do list to review what's there.
However, modulo that disclaimer, I believe what we are doing can
readily become
part of a larger strategy, indeed as you point out, it must to truely
promote
Hans Reiser wrote:
George
Beshers wrote:
- There is a *compiled mask* which is
designed to optimize *mask
evaluation*, i.e., the chroot like
semantics.
- The mask evaluation is done by the *mask interpreter* which is
in the kernel (reiser4 area until
George Beshers wrote:
The honest answer is that it has been over a year since I looked at the
SELinux stuff. It is on my to-do list to review what's there.
However, modulo that disclaimer, I believe what we are doing can
readily become part of a larger strategy, indeed as you point out, it
Motivation
--
See Hans's original post. In and of itself, viewprinting will not be
more secure than chroot. Viewprinting should be less work than
chroot. By virtue of its being easier to deploy and administer, the
net effect
Hi
I've been following and have an interest - I hope my comments and
observations are valuable.
First, allow me to suggest some more terminology - like George, I always
like to see this done early :)
Masklet : set of modifications to a filename's access authorisations
Mask: collection of
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
David Dabbs wrote:
| If you only have three months to prove a concept and obtain continued
| funding, then I agree with Hans's preference for reusing as much
| existing work as possible. Adapting Hans's statement regarding
I've also been lurking and
Thanks for joining the discussion. I have answered your questions
as best I can for the moment---which in fact has been to make some
further points and encourage you and others to ask more questions
and make more suggestions :-)
David Dabbs wrote:
Questions
David Dabbs wrote:
Hans and George,
I've been lurking at the edge of this discussion and have not chimed in
mostly because I only have a dial-up connection here at my in-laws
house (and I'm suposed to be on vacation). Since there was a request for
arguments for or against Hans's preferred
George Beshers wrote:
Thanks for joining the discussion. I have answered your questions
as best I can for the moment---which in fact has been to make some
further points and encourage you and others to ask more questions
and make more suggestions :-)
David Dabbs wrote:
Questions
Hans Reiser wrote:
George Beshers wrote:
David Dabbs wrote:
In the original proposal posted to the list Hans (I think) referred
to viewprinting as chroot on steroids. Let's assume that the mask
creation tools deliver on making viewprint creation and maintainance
very easy/painless for admins.
David Masover wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
David Dabbs wrote:
| If you only have three months to prove a concept and obtain continued
| funding, then I agree with Hans's preference for reusing as much
| existing work as possible. Adapting Hans's statement regarding
I've
George Beshers wrote:
Hans Reiser wrote:
George Beshers wrote:
David Dabbs wrote:
In the original proposal posted to the list Hans (I think) referred
to viewprinting as chroot on steroids. Let's assume that the mask
creation tools deliver on making viewprint creation and
maintainance very
Hans Reiser wrote:
George Beshers wrote:
Chroot lacks fall through points.
Other than saving disk space is this important?
It is different.
Sure. I am trying to understand the advantages/disadvantages
of fall through points in your thinking.
Are you thinking about multiple processes, with
George Beshers wrote:
Hans Reiser wrote:
George Beshers wrote:
Chroot lacks fall through points.
Other than saving disk space is this important?
It is different.
Sure. I am trying to understand the advantages/disadvantages
of fall through points in your thinking.
Are you thinking about
Hans Reiser wrote:
George Beshers wrote:
Sure. I am trying to understand the advantages/disadvantages
of fall through points in your thinking.
Are you thinking about multiple processes, with different views, but
sharing a few resources, i.e., files of one form or another as
part of
a long
George Beshers wrote:
Ah... my language design background gets us into communication trouble
:-)
Suppose for a moment that exclude actually added functionality (as for
example
regular expressions over file names will) what terminology would you use?
You see, to me the exclude is, at some level,
Hans Reiser wrote:
Another approach is to use stem compressed names, or some other
unique within the fs format for the mask.
Can you elaborate on this for a newbie
fired
fireman
fireplace
get stored as
fired
!4man
!4place
if we use classic stem compression, if we use a tree that branches
It is very important that we have something simple that reuses code for
this purpose, and it also needs to be scalable. That is, we need to be
able to determine in insignificant time whether a file passes through a
mask consisting of a million files.
One approach would be to use a format
First a little (tentatively) suggested
terminology---translation of (tentatively) I stand
behind it until I begin to suspect I've made a mistake and then I
change sides ;-) :
1) A mask consists of a set of prescriptions (trying
to avoid rule) which defines a
subset of permissible
George Beshers wrote:
First a little (*/tentatively/*) suggested terminology---translation
of (/tentatively/) I stand
behind it until I begin to suspect I've made a mistake and then I
change sides ;-) :
1) A *mask *consists of a set of *prescriptions *(trying to avoid
rule) which defines a
34 matches
Mail list logo