| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <979511.88139.qm@web36601.mail.mud.yahoo.com> Date: Fri, 15 Jun 2007 19:57:17 -0700 (PDT) From: Casey Schaufler <casey@...aufler-ca.com> To: James Morris <jmorris@...ei.org>, Greg KH <greg@...ah.com> Cc: Pavel Machek <pavel@....cz>, Crispin Cowan <crispin@...ell.com>, Andreas Gruenbacher <agruen@...e.de>, Stephen Smalley <sds@...ho.nsa.gov>, jjohansen@...e.de, linux-kernel@...r.kernel.org, linux-security-module@...r.kernel.org, linux-fsdevel@...r.kernel.org Subject: Re: [AppArmor 39/45] AppArmor: Profile loading and manipulation, pathname matching --- James Morris <jmorris@...ei.org> wrote: > On my system, it takes about 1.2 seconds to label a fully checked out > kernel source tree with ~23,000 files in this manner That's an eternity for that many files to be improperly labeled. If, and the "if" didn't originate with me, your policy is demonstrably correct (how do you do that?) for all domains you could claim that the action is safe, if not ideal. I can't say if an evaluation team would buy the "safe" argument. They've been known to balk before. Casey Schaufler casey@...aufler-ca.com - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists