Re: [AppArmor 39/45] AppArmor: Profile loading andmanipulation,pathname matching

From: Sean
Date: Sat Jun 09 2007 - 01:45:55 EST

Next message: Tarkan Erimer: "Dual-Licensing Linux Kernel with GPL V2 and GPL V3"
Previous message: Paul Mackerras: "Re: [patch 7/8] fdmap v2 - implement sys_socket2"
In reply to: david: "Re: [AppArmor 39/45] AppArmor: Profile loading and manipulation,pathnamematching"
Next in thread: david: "Re: [AppArmor 39/45] AppArmor: Profile loading and manipulation,pathnamematching"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 8 Jun 2007 22:38:57 -0700 (PDT)
david@xxxxxxx wrote:

> so are you suggesting that SELinux would call out to userspace for every
> file open to get the label for that file?
>

No, i'm not. You must already have a kernel function in the current
implementation of AA that decides the proper policy for each path. Why
not use it to feed labels into SELinux.

Sean
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Tarkan Erimer: "Dual-Licensing Linux Kernel with GPL V2 and GPL V3"
Previous message: Paul Mackerras: "Re: [patch 7/8] fdmap v2 - implement sys_socket2"
In reply to: david: "Re: [AppArmor 39/45] AppArmor: Profile loading and manipulation,pathnamematching"
Next in thread: david: "Re: [AppArmor 39/45] AppArmor: Profile loading and manipulation,pathnamematching"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]