[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <200706041342.42178.agruen@suse.de>
Date: Mon, 4 Jun 2007 13:42:42 +0200
From: Andreas Gruenbacher <agruen@...e.de>
To: Pavel Machek <pavel@....cz>
Cc: jjohansen@...e.de, linux-kernel@...r.kernel.org,
linux-security-module@...r.kernel.org,
linux-fsdevel@...r.kernel.org
Subject: Re: [AppArmor 38/45] AppArmor: Module and LSM hooks
On Monday 04 June 2007 13:35, Pavel Machek wrote:
> On Mon 2007-06-04 13:25:30, Andreas Gruenbacher wrote:
> > On Monday 04 June 2007 12:55, Pavel Machek wrote:
> > > On Wed 2007-05-23 18:16:45, Andreas Gruenbacher wrote:
> > > > On Tuesday 15 May 2007 11:14, Pavel Machek wrote:
> > > > > Why is this configurable?
> > > >
> > > > The maximum length of a pathname is an arbitrary limit: we don't want
> > > > to allocate arbitrary amounts of of kernel memory for pathnames so we
> > > > introduce this limit and set it to a reasonable value. In the
> > > > unlikely case that someone uses insanely long pathnames, this limit
> > > > can be increased.
> > >
> > > vfs does not have configurable pathname limit, and I do not see what
> > > is so special about AA to require this kind of uglyness.
> >
> > You very well know that the vfs has a limit of PATH_MAX characters (4096)
> > for pathnames. This means that at most that many characters can be passed
> > at once.
What users can do is something like this:
chdir("some/long/path");
chdir("some/even/longer/path");
...
and the total length of the path can then exceed PATH_MAX characters. We can
only accept pathnames up to some upper limit, and we need to somehow define
what that limit is supposed to be. We could use PATH_MAX or some other
arbitrary number. In most situations PATH_MAX will be fine, but that's not
always guaranteed to be the case. So what's wrong about making this
configurable for special situations that we might run into? Module parameters
are *really* dead cheap.
Andreas
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists