Re: [AppArmor 39/45] AppArmor: Profile loading and manipulation,pathname matching

From: Pavel Machek
Date: Fri Jun 15 2007 - 08:32:22 EST


> I also don't care about the details of how it gets
> implemented, but when the AA people have a working
> implementation, and the SELinux people are strongly
> opposed to the concept, I don't see any advantage in

Actually, SELinux people 'liked' the concept -- they are willing to
extend SELinux to handle new files better. And not only SELinux people
are opposed to AA.

> if the SELinux people had responded to the announcement
> of AA with "that's a nice idea, if we add these snippits
> from your code to SELinux then we can do the same thing"
> it would be a very different story.

It was something like 'is there description of AA security model? We'd
like to take a look if we can do that within SELinux'. I tried to
forward them pdf, but it was more AA implementation description (not
AA model description) so it was probably not helpful.

So yes, SELinux people want to help.

(cesky, pictures)
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at
Please read the FAQ at