Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks

From: Alan Cox
Date: Tue Apr 18 2006 - 16:21:23 EST


On Maw, 2006-04-18 at 12:31 -0700, Crispin Cowan wrote:
> implements an approximation to the AppArmor security model, but does it
> with domains and types instead of path names, imposing a substantial
> cost in ease-of-use on the user.

I don't think thats true. A file name is a pretty meaningless object in
Unixspace let alone Linux after Al Plan9ified it somewhat. It has an
impact on policy design but if anything it makes it slightly harder for
the policy design work and _easier_ for users, who no longer have to
follow magic path rules.

If you think about it, what matters is the object not the name. Who
cares what a 'cool executable' file from the internet is called. If I'm
doing policy for a large corporate then I wan't it not to be executable
unless someone has blessed it. It can be in /tmp in a users home
directory or in /var/spool/mail. Either way I don't care what it is
called just what it *is*.

Can you answer the "when are you submitting it upstream" question ? I've
certainly not got any fundamental objection to another security system.
I doubt we'd all use it but we don't all use sys5 file systems or
reiserfs either.

Alan

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/