| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Line.LNX.4.64.0706152122520.29737@localhost.localdomain> Date: Fri, 15 Jun 2007 21:41:01 -0400 (EDT) From: James Morris <jmorris@...ei.org> To: david@...g.hm cc: Greg KH <greg@...ah.com>, Crispin Cowan <crispin@...ell.com>, Pavel Machek <pavel@....cz>, Andreas Gruenbacher <agruen@...e.de>, Stephen Smalley <sds@...ho.nsa.gov>, jjohansen@...e.de, linux-kernel@...r.kernel.org, linux-security-module@...r.kernel.org, linux-fsdevel@...r.kernel.org Subject: Re: [AppArmor 39/45] AppArmor: Profile loading and manipulation, pathname matching On Fri, 15 Jun 2007, david@...g.hm wrote: > on the contrary, useing 'mv' is by far the cleanest way to do this. > > mv htdocs htdocs.old;mv htdocs.new htdocs > > this makes two atomic changes to the filesystem, but can generate thousands to > millions of permission changes as a result. OTOH, you've performed your labeling up front, and don't have to effectively relabel each file each time on each access, which is what you're really doing with pathname labeling. - James -- James Morris <jmorris@...ei.org> - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists