lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20070609001703.GA17644@kroah.com>
Date:	Fri, 8 Jun 2007 17:17:03 -0700
From:	Greg KH <greg@...ah.com>
To:	Andreas Gruenbacher <agruen@...e.de>
Cc:	Stephen Smalley <sds@...ho.nsa.gov>, Pavel Machek <pavel@....cz>,
	jjohansen@...e.de, linux-kernel@...r.kernel.org,
	linux-security-module@...r.kernel.org,
	linux-fsdevel@...r.kernel.org
Subject: Re: [AppArmor 39/45] AppArmor: Profile loading and manipulation,
	pathname matching

On Sat, Jun 09, 2007 at 12:03:57AM +0200, Andreas Gruenbacher wrote:
> AppArmor is meant to be relatively easy to understand, manage, and customize, 
> and introducing a labels layer wouldn't help these goals.

Woah, that describes the userspace side of AA just fine, it means
nothing when it comes to the in-kernel implementation.  There is no
reason that you can't implement the same functionality using some
totally different in-kernel solution if possible.

> SELinux is applicable in areas where AppArmor is not (e.g., MLS), but
> this comes at a cost. For me the question is not SELinux or AppArmor,
> but if AppArmor's security model is a good solution in common
> scenarios. In my opinion, AppArmor is a better answer than SELinux in
> a number of scenarios. This gives it value, nonwithstanding the fact
> that SELinux can be taken further.

I am still not completely certian that we can not properly implement AA
functionality using a SELinux backend solution.  Yes, the current tools
that try to implement this are still lacking, and maybe the kernel needs
to change, but that is possible.

I still want to see a definition of the AA "model" that we can then use
to try to implement using whatever solution works best.  As that seems
to be missing the current argument of if AA can or can not be
implemented using SELinux or something totally different should be
stopped.

So, AA developers, do you have such a document anywhere?  I know there
are some old research papers, do they properly describe the current
model you are trying to implement here?

thanks,

greg k-h
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ