Re: [TOMOYO 5/9] Memory and pathname management functions.

From: Pavel Machek
Date: Fri Jun 15 2007 - 09:00:27 EST


> >>We limit the maximum length of any string data (such as
> >>domainname and pathnames) to TOMOYO_MAX_PATHNAME_LEN
> >>(which is 4000) bytes to fit within a single page.
> >>
> >>Userland programs can obtain the amount of RAM
> >>currently
> >>used by TOMOYO from /proc interface.
> >
> >Same NACK for this as for AppArmor, on exactly the same
> >grounds.
> >Please stop wasting your time on pathname-based
> >non-solutions.
> This issue is a very very small wart on an otherwise
> fine idea.
> It's really not worth getting bothered by. Truth is, big
> giant
> pathnames break lots of stuff already, both kernel and
> userspace.

> Just look in /proc for some nice juicy kernel breakage:
> cwd, exe, fd/*, maps, mounts, mountstats, root, smaps

Well, but we should be fixing that, not adding more. And /proc is
info-only, while this is security related code.

(cesky, pictures)
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at
Please read the FAQ at