Re: AppArmor Security Goal

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

To: Crispin Cowan <crispin@...>

Cc: Dr. David Alan Gilbert <linux@...>, Arjan van de Ven <arjan@...>, Linux Kernel Mailing List <linux-kernel@...>, LSM ML <linux-security-module@...>, apparmor-dev <apparmor-dev@...>

Subject: Re: AppArmor Security Goal

Date: Saturday, November 10, 2007 - 6:57 pm

> Can you explain why you want a non-privileged user to be able to edit
quoted text> policy? I would like to better understand the problem here.

Because root doesn't trust users who in turn may not trust apps they run
or wish to control things. I don't see a problem with that viewpoint in
terms of forbidding things providing the user (or process tree) does not
get to undo rules merely add more restrictions.

quoted text> non-privileged user to further tighten the profile on a program. To me,
> that adds complexity with not much value, but if lots of users want it,
> then I'm wrong :)

Assuming you have any value in the first place, which is another topic, I
can see value for this in all the security models.

-
unsubscribe noticeTo unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

AppArmor Security Goal, Crispin Cowan, (Thu Nov 8, 5:33 pm)

Re: AppArmor Security Goal, Andi Kleen, (Sat Nov 10, 5:04 pm)

Re: AppArmor Security Goal, , (Sat Nov 10, 5:28 pm)

Re: AppArmor Security Goal, John Johansen, (Sat Nov 10, 11:36 pm)

Re: AppArmor Security Goal, Crispin Cowan, (Sat Nov 10, 5:24 pm)

Re: AppArmor Security Goal, John Johansen, (Sat Nov 10, 11:23 pm)

Re: AppArmor Security Goal, Dr. David Alan Gilbert, (Sat Nov 10, 6:04 pm)

Re: AppArmor Security Goal, Crispin Cowan, (Sat Nov 10, 6:11 pm)

Re: AppArmor Security Goal, Dr. David Alan Gilbert, (Sat Nov 10, 6:24 pm)

Re: AppArmor Security Goal, Crispin Cowan, (Sat Nov 10, 6:41 pm)

Re: AppArmor Security Goal, Casey Schaufler, (Sat Nov 10, 10:17 pm)

Re: AppArmor Security Goal, Joshua Brindle, (Mon Nov 12, 8:10 pm)

Re: AppArmor Security Goal, Casey Schaufler, (Tue Nov 13, 12:58 am)

Re: AppArmor Security Goal, John Johansen, (Sat Nov 10, 11:55 pm)

Re: AppArmor Security Goal, Dr. David Alan Gilbert, (Sat Nov 10, 7:25 pm)

Re: AppArmor Security Goal, Crispin Cowan, (Mon Nov 12, 7:50 pm)

Re: AppArmor Security Goal, John Johansen, (Mon Nov 12, 9:20 pm)

Re: AppArmor Security Goal, Rogelio M. Serrano Jr., (Sun Nov 11, 3:02 am)

Re: AppArmor Security Goal, , (Sat Nov 10, 7:52 pm)

Re: AppArmor Security Goal, Crispin Cowan, (Mon Nov 12, 8:13 pm)

Re: AppArmor Security Goal, John Johansen, (Sun Nov 11, 12:17 am)

Re: AppArmor Security Goal, , (Sun Nov 11, 12:50 am)

Re: AppArmor Security Goal, Alan Cox, (Sat Nov 10, 7:56 pm)

Re: AppArmor Security Goal, Crispin Cowan, (Mon Nov 12, 7:58 pm)

Re: AppArmor Security Goal, , (Sat Nov 10, 9:27 pm)

Re: AppArmor Security Goal, John Johansen, (Sat Nov 10, 11:59 pm)

Re: AppArmor Security Goal, Dr. David Alan Gilbert, (Sat Nov 10, 7:47 pm)

Re: AppArmor Security Goal, Alan Cox, (Sat Nov 10, 6:57 pm)

Re: AppArmor Security Goal, Crispin Cowan, (Sat Nov 10, 7:14 pm)

Re: AppArmor Security Goal, Alan Cox, (Sat Nov 10, 7:54 pm)


linux-kernel:
david	Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
Bart Van Assche	Integration of SCST in the mainstream Linux kernel
Greg KH	[GIT PATCH] driver core patches against 2.6.24
Heiko Carstens	Re: -mm merge plans for 2.6.23 -- sys_fallocate
git:

linux-netdev:
David Miller	Re: [GIT]: Networking
Jarek Poplawski	[PATCH] pkt_sched: Destroy gen estimators under rtnl_lock().
Gerrit Renker	[PATCH 05/37] dccp: Cleanup routines for feature negotiation
Lennert Buytenhek	[PATCH 16/39] mv643xx_eth: get rid of ETH_/ethernet_/eth_ prefixes
openbsd-misc: