Re: Some Concrete AppArmor Questions - was Re: [RFC][PATCH 0/11] security: AppArmor - Overview

[Andi Kleen]

On Thursday 27 April 2006 01:06, Ken Brush wrote:

> > 2/ What advantages does AppArmor provide over techniques involving
> >    virtualisation or gaol mechanisms?  Are these advantages worth
> >    while?

I would guess the advantage is easier administration. e.g. I always
found it a PITA to synchronize files like /etc/resolv.conf and similar
files into chroots.

It's similar as to why managing a single machine is much easier
than a cluster. Chroots already get you many of the drawbacks from
a cluster. That said it has its places, but chroot is not always
the answer.

> If you just wish to run every application in a chrooted jail. Would
> you still need a MAC solution?

Current chroot is probably not strong enough - if someone gets root
inside it it is easy to escape.

> > 3/ Is AppArmour's approach of using d_path to get a filename from a
> >    dentry valid and acceptable? 

I suppose it needs at least to use the proper vfsmounts instead of
walking the global list. That would need better hooks. And probably 
some caching (trying to match dentries directly?) to get better performance.

Regarding the basic use of pathnames I don't see a big problem. After
all the kernel uses dentries for everything too and dentries are
just a special form of path name too.

-Andi
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/