| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 18 Dec 2007 08:43:11 -0800 (PST) From: Casey Schaufler <casey@...aufler-ca.com> To: Valdis.Kletnieks@...edu, Pavel Machek <pavel@....cz> Cc: Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp>, linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: [patch 1/2] [RFC] Simple tamper-proof device filesystem. --- Valdis.Kletnieks@...edu wrote: > On Thu, 06 Dec 2007 15:29:07 GMT, Pavel Machek said: > > > > > Why not use SELinux? > > > > > > Because SELinux doesn't guarantee filename and its attribute. > > > The purpose of this filesystem is to ensure filename and its attribute > > > (e.g. /dev/null is guaranteed to be a character device file > > > with major=1 and minor=3). > > > > Why not improve selinux to be able to assign label of new file based > > on directory label and name? > > The problem isn't the label, it's the *other* attributes... > > What happens if /dev/null has the correct SELinux label, but the major/minor > is 1,27 rather than 1,3? Isn't this the kind of thing that Bastille is good for? Casey Schaufler casey@...aufler-ca.com -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists