Re: [AppArmor 00/44] AppArmor security module overview

From: John Johansen
Date: Wed Jun 27 2007 - 02:44:57 EST

Next message: Jeff Garzik: "Re: [PATCH] HPT374 is UDMA100 not UDMA133"
Previous message: Tim Shimmin: "Re: [xfs-masters] Re: [BUG] Lockdep warning with XFS on 2.6.22-rc6"
In reply to: Andrew Morton: "Re: [AppArmor 00/44] AppArmor security module overview"
Next in thread: Adrian Bunk: "Re: [AppArmor 00/44] AppArmor security module overview"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Jun 26, 2007 at 07:47:00PM -0700, Andrew Morton wrote:
> On Tue, 26 Jun 2007 19:24:03 -0700 John Johansen <jjohansen@xxxxxxx> wrote:
>
> > >
> > > so... where do we stand with this? Fundamental, irreconcilable
> > > differences over the use of pathname-based security?
> > >
> > There certainly seems to be some differences of opinion over the use
> > of pathname-based-security.
>
> I was refreshed to have not been cc'ed on a lkml thread for once. I guess
> it couldn't last.
>
sorry about that

> Do you agree with the "irreconcilable" part? I think I do.
>
I will concede that this may be the case for some. However I am still
hopeful (perhaps naive) that this isn't the case in general.

> I suspect that we're at the stage of having to decide between
>
> a) set aside the technical issues and grudgingly merge this stuff as a
> service to Suse and to their users (both of which entities are very
> important to us) and leave it all as an object lesson in
> how-not-to-develop-kernel-features.
>
> Minimisation of the impact on the rest of the kernel is of course
> very important here.
Agreed, and I hope any changes that are made are for the benefit
of the kernel in general and will find uses in other parts.

>
> versus
>
> b) leave it out and require that Suse wear the permanent cost and
> quality impact of maintaining it out-of-tree. It will still be an
> object lesson in how-not-to-develop-kernel-features.
>
> Sigh. Please don't put us in this position again. Get stuff upstream
> before shipping it to customers, OK? It ain't rocket science.
>
Indeed, I can only appologize for the past, and offer reassurances
that we intend to do our best to do, it right going forward.

> > > Are there any other sticking points?
> > >
> > >
> > The conditional passing of the vfsmnt mount in the vfs, as done in this
> > patch series, has received a NAK. This problem results from NFS passing
> > a NULL nameidata into the vfs. We have a second patch series that we
> > have posted for discussion that addresses this by splitting the nameidata
> > struct.
> > Message-Id: <20070626231510.883881222@xxxxxxx>
> > Subject: [RFD 0/4] AppArmor - Don't pass NULL nameidata to
> > vfs_create/lookup/permission IOPs
> >
> > other issues that have been raised are:
> > - AppArmor does not currently mediate IPC and network communications.
> > Mediation of these is a wip
> > - the use of d_path to generate the pathname used for mediation when a
> > file is opened.
> > - Generating the pathname using a reverse walk is considered ugly
> > - A buffer is alloced to store the generated path name.
> > - The buffer size has a configurable upper limit which will cause
> > opens to fail if the pathname length exceeds this limit. This
> > is a fail closed behavior.
> > - there have been some concerns expressed about the performance
> > of this approach
> > We are evaluating our options on how best to address this issue.
>
> OK, useful summary, thanks. I'd encourage you to proceed apace.

thankyou

Attachment: pgp00000.pgp
Description: PGP signature

Next message: Jeff Garzik: "Re: [PATCH] HPT374 is UDMA100 not UDMA133"
Previous message: Tim Shimmin: "Re: [xfs-masters] Re: [BUG] Lockdep warning with XFS on 2.6.22-rc6"
In reply to: Andrew Morton: "Re: [AppArmor 00/44] AppArmor security module overview"
Next in thread: Adrian Bunk: "Re: [AppArmor 00/44] AppArmor security module overview"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]