Re: [RFC][PATCH 0/11] security: AppArmor - Overview

From: Andi Kleen
Date: Tue Apr 25 2006 - 09:45:02 EST

Next message: Jani-Matti Hätinen: "Re: Lock-up with modprobe sdhci after suspending to ram"
Previous message: Jens Axboe: "Re: fs/splice.c:286: warning: comparison of distinct pointer types lacks a cast"
In reply to: James Carter: "Re: [RFC][PATCH 0/11] security: AppArmor - Overview"
Next in thread: James Carter: "Re: [RFC][PATCH 0/11] security: AppArmor - Overview"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tuesday 25 April 2006 14:42, James Carter wrote:

> I talk to one of the unconfined people at the table and ask them to
> rename the "knife" to "spoon". Now I am free to do what I wish.

That assumes that your jail allows talking to other people.

> You don't care about the name "knife", you care about the object it
> represents.

In the apparmor model you only care about what the application is allowed
to do. If it does anything extraordinary like trying to talk to people it
shouldn't talk to it gets a veto.

-Andi
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Jani-Matti Hätinen: "Re: Lock-up with modprobe sdhci after suspending to ram"
Previous message: Jens Axboe: "Re: fs/splice.c:286: warning: comparison of distinct pointer types lacks a cast"
In reply to: James Carter: "Re: [RFC][PATCH 0/11] security: AppArmor - Overview"
Next in thread: James Carter: "Re: [RFC][PATCH 0/11] security: AppArmor - Overview"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]