Re: [RFC][PATCH 0/11] security: AppArmor - Overview

From: Chris Wright
Date: Thu Apr 20 2006 - 15:28:11 EST

Next message: Douglas Gilbert: "[Announce] sg3_utils-1.20 available"
Previous message: Crispin Cowan: "Re: [RFC][PATCH 0/11] security: AppArmor - Overview"
In reply to: Crispin Cowan: "Re: [RFC][PATCH 0/11] security: AppArmor - Overview"
Next in thread: Stephen Smalley: "Re: [RFC][PATCH 0/11] security: AppArmor - Overview"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

* Arjan van de Ven (arjan@xxxxxxxxxxxxx) wrote:
> On Thu, 2006-04-20 at 00:32 +0200, Andi Kleen wrote:
> > Arjan van de Ven <arjan@xxxxxxxxxxxxx> writes:
> > >
> > > you must have a good defense against that argument, so I'm curious to
> > > hear what it is
> >
> > [I'm not from the apparmor people but my understanding is]
> >
> > Usually they claimed name spaces as the reason it couldn't work.
>
> I actually posted a list of 10 things that I made up in 3 minutes; just
> going over those 10 would be a good start already since they're the most
> obvious ones..

Yes, the conversation is all over the place. Many of the issues are
about some of the uglier parts of the AppArmor code, but the critical
issue is simple. Does their protection model actually protect against
their threat model. I would really like to see some grounded examples
that show whether it's broken or not.

thanks,
-chris
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Douglas Gilbert: "[Announce] sg3_utils-1.20 available"
Previous message: Crispin Cowan: "Re: [RFC][PATCH 0/11] security: AppArmor - Overview"
In reply to: Crispin Cowan: "Re: [RFC][PATCH 0/11] security: AppArmor - Overview"
Next in thread: Stephen Smalley: "Re: [RFC][PATCH 0/11] security: AppArmor - Overview"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]