Re: [AppArmor 39/45] AppArmor: Profile loading and manipulation,pathname matching

From: Pavel Machek
Date: Fri Jun 15 2007 - 08:32:22 EST


Hi!

> I also don't care about the details of how it gets
> implemented, but when the AA people have a working
> implementation, and the SELinux people are strongly
> opposed to the concept, I don't see any advantage in

Actually, SELinux people 'liked' the concept -- they are willing to
extend SELinux to handle new files better. And not only SELinux people
are opposed to AA.

> if the SELinux people had responded to the announcement
> of AA with "that's a nice idea, if we add these snippits
> from your code to SELinux then we can do the same thing"
> it would be a very different story.

It was something like 'is there description of AA security model? We'd
like to take a look if we can do that within SELinux'. I tried to
forward them pdf, but it was more AA implementation description (not
AA model description) so it was probably not helpful.

So yes, SELinux people want to help.

--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/