[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <Line.LNX.4.64.0704171323090.19432@d.namei>
Date: Tue, 17 Apr 2007 13:47:39 -0400 (EDT)
From: James Morris <jmorris@...ei.org>
To: Andi Kleen <andi@...stfloor.org>
cc: Karl MacMillan <kmacmill@...hat.com>,
David Safford <safford@...son.ibm.com>,
John Johansen <jjohansen@...e.de>,
linux-kernel@...r.kernel.org,
linux-security-module@...r.kernel.org,
linux-fsdevel@...r.kernel.org
Subject: Re: AppArmor FAQ
On Tue, 17 Apr 2007, Andi Kleen wrote:
> You nicely show one of the major disadvantages of the label model vs the path
> model here: it requires modification of a lot of applications.
This is incorrect.
Normal applications need zero modification under SELinux.
Some applications which manage security may need to be made SELinux-aware,
although this can often be done with PAM plugins, which is a standard way
to do this kind of thing in modern Unix & Linux OSs.
In any case, it has never been unusual for security-critical Unix/Linux
apps to be aware of extra security frameworks, and conditionally utilize
things like kerberos, tcpwrappers, SSL, skey etc.
Also, there's nothing inherent in pathname labeling vs. object labeling
which makes one model require modification of applications more than the
other. You're taking one implementation of each and extrapolating to the
general case, without even taking into consideration that the
modifications only refer to security-management functions.
Also, in terms of implementation, these security schemes are quite
different in their coverage and features, so it's an apples vs. oranges
comparison anyway.
Thanks,
- James
--
James Morris
<jmorris@...ei.org>
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists