Date: Tue, 3 Jul 2007 18:33:11 +0200
From: Andreas Gruenbacher <agruen@...e.de>
To: Christoph Hellwig <hch@...radead.org>
Cc: Casey Schaufler <casey@...aufler-ca.com>, "Eric W. Biederman" <ebiederm@...ssion.com>, Adrian Bunk <bunk@...sta.de>, Andrew Morton <akpm@...ux-foundation.org>, John Johansen <jjohansen@...e.de>, linux-kernel@...r.kernel.org, linux-security-module@...r.kernel.org, linux-fsdevel@...r.kernel.org
Subject: Re: [AppArmor 00/44] AppArmor security module overview

On Monday 02 July 2007 22:15, Christoph Hellwig wrote:
> AA on the other hand just fucks up VFS layering [...]

Oh come on, this claim clearly isn't justified. How on earth is passing vfsmounts down the lsm hooks supposed to break vfs layering? We are not proposing to pass additional information down to file systems.

There is no barrier between the vfs and lsm hooks for vfsmounts even today -- only look at the inode_getattr hook; it already gets a vfsmount. Without vfsmount we cannot tell where in the namespace we are, but that information is essential for any kind of pathname based mechanism, AA or not, and even for plain reporting.

LSM as a framework is supposed to allow different security mechanisms to be plugged in. It isn't flexible enough for us right now, and so we are proposing to extend it. What can be wrong about that?

Andreas
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/