Re: [RFC][PATCH 0/11] security: AppArmor - Overview

From: Stephen Smalley
Date: Tue Apr 25 2006 - 11:02:28 EST

Next message: Shailabh Nagar: "Re: [Patch 0/8] per-task delay accounting"
Previous message: Russell King: "Re: sd cards : OCR busy?"
In reply to: Theodore Ts'o: "Re: [RFC][PATCH 0/11] security: AppArmor - Overview"
Next in thread: Casey Schaufler: "Re: [RFC][PATCH 0/11] security: AppArmor - Overview"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 2006-04-25 at 08:46 -0400, Theodore Ts'o wrote:
> On Tue, Apr 25, 2006 at 03:50:00AM -0400, James Morris wrote:
> > To make a rough analogy (as Ted mentioned his IETF work earlier...):
> >
> > The fundamental mechanisms of IPsec are sound. It has taken many, many
> > years to get it to this stage, despite claims of it being "too
> > complicated". In that time, several "simple" protocols were designed and
> > implemented to address the "complexity" issues, but it turns out, after
> > all, that with the right level of abstraction and tools, IPsec is not too
> > complicated to be secure or to use: by the obvious example of both its
> > widespread adoption and, afaik, no systemic security failures.
>
> And yet, many people use SSH and TLS, and it is more than sufficient
> for their needs. Despite being very involved with the development of
> IPSec, and Kerberos, there are plenty of times when I will tell people
> to *not* use those technologies because they are *just* *too*
> *complicated*.
>
> Choice is good.
>
> SELinux should not be the only way to do things.

That's fine - it doesn't explain why a path-based access control
mechanism belongs in the kernel. Or why LSM is the right way to
implement such a mechanism, given the complete mismatch in the placement
and interfaces of its hooks.

Let's keep the debate separate, please - there is one debate regarding
removal of LSM, and you've expressed your view there. There is another
debate regarding whether AppArmor belongs in the kernel, and that
depends on the answers to the above questions. But it isn't sufficient
to argue that because SELinux isn't the only true way that AppArmor
should be merged, eh?

--
Stephen Smalley
National Security Agency

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Shailabh Nagar: "Re: [Patch 0/8] per-task delay accounting"
Previous message: Russell King: "Re: sd cards : OCR busy?"
In reply to: Theodore Ts'o: "Re: [RFC][PATCH 0/11] security: AppArmor - Overview"
Next in thread: Casey Schaufler: "Re: [RFC][PATCH 0/11] security: AppArmor - Overview"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]