Re: AppArmor Security Goal

From: Alan Cox
Date: Sat Nov 10 2007 - 18:56:54 EST


> but how can the system know if the directory the user wants to add is
> reasonable or not? what if the user says they want to store their
> documents in /etc?

A more clear example is wanting to wrap a specific tool with temporary
rules. Those rules would depend on the exact file being edited at this
moment - something root cannot know in advance
(although with apparmor I guess mv $my_file apparmour_magic.name ; foo;
mv it back might work 8))
