Hi!

Actually, I surprised Lars a lot by telling him ln /etc/shadow /tmp/ allows any user to make AA ineffective on a large part of systems -- in internal discussion. (It is not actually a _bug_, but it is certainly unexpected).

(Does it surprise you, too? I'm pretty sure it would surprise many users).

James summarized it nicely:

# The design of the AppArmor is based on _appearing simple_, but at the
# expense of completeness and thus correctness.

If even Lars can be surprised by AA's behaviour, I do not think we can say "AA is different". I'm afraid that AA is a trap for users. It appears simple, and mostly does what it is told, but does not do _what user wants_.

								Pavel
-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
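An added example, not part of the original message: an audit helper for the hard-link aliasing the post describes, which reports any second name for a sensitive file's inode under user-writable directories, since a path-based policy sees each name as a different file. The directory layout in demo() is a constructed stand-in (a dummy "etc/shadow" in a temporary directory), and the function names are hypothetical; the sysctl read is the Linux fs.protected_hardlinks setting (kernel 3.6 and later), which restricts linking to files the user does not own.

```python
import os
import stat
import tempfile


def find_hardlink_aliases(target, search_roots):
    """Return other names (hard links) for target's inode under search_roots."""
    target = os.path.realpath(target)
    want = os.stat(target)
    if want.st_nlink < 2:
        return []  # only one name exists anywhere, so no alias can be found
    aliases = []
    for root in search_roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                path = os.path.join(dirpath, name)
                try:
                    st = os.lstat(path)  # lstat: symlinks are not aliases
                except OSError:
                    continue  # entry vanished or is unreadable
                if (stat.S_ISREG(st.st_mode)
                        and (st.st_dev, st.st_ino) == (want.st_dev, want.st_ino)
                        and os.path.realpath(path) != target):
                    aliases.append(path)
    return sorted(aliases)


def hardlink_protection_enabled(sysctl="/proc/sys/fs/protected_hardlinks"):
    """True/False from the sysctl, or None when the kernel does not expose it."""
    try:
        with open(sysctl) as fh:
            return fh.read().strip() == "1"
    except OSError:
        return None


def demo():
    """Constructed layout: a dummy 'etc/shadow' and a scratch 'tmp' directory."""
    with tempfile.TemporaryDirectory() as base:
        etc, tmp = os.path.join(base, "etc"), os.path.join(base, "tmp")
        os.mkdir(etc)
        os.mkdir(tmp)
        secret = os.path.join(etc, "shadow")
        with open(secret, "w") as fh:
            fh.write("dummy\n")
        before = find_hardlink_aliases(secret, [tmp])
        os.link(secret, os.path.join(tmp, "shadow"))  # same inode, new path
        after = find_hardlink_aliases(secret, [tmp])
        return before, [os.path.relpath(p, base) for p in after]
```

Hard links cannot cross filesystems, so only directories on the same filesystem as the sensitive file need to be listed in search_roots.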
