Re: [AppArmor 01/41] Pass struct vfsmount to the inode_create LSM hook | KernelTrap

Re: [AppArmor 01/41] Pass struct vfsmount to the inode_create LSM hook

view
thread

!MAILaRCHIVE_VOTE_RePLACE

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

[view in full thread]

From: Cliffe <cliffe@...>

To: Kyle Moffett <mrmacman_g4@...>

Cc: <casey@...>, Andreas Gruenbacher <agruen@...>, James Morris <jmorris@...>, <linux-kernel@...>, <linux-security-module@...>, <linux-fsdevel@...>

Subject: Re: [AppArmor 01/41] Pass struct vfsmount to the inode_create LSM hook

Date: Sunday, May 27, 2007 - 4:34 am

>> On the other hand, if you actually want to protect the _data_, then 
tagging the _name_ is flawed; tag the *DATA* instead.

Would it make sense to label the data (resource) with a list of paths 
(names) that can be used to access it?

Therefore the data would be protected against being accessed via 
alternative arbitrary names. This may be a simple label to maintain and 
(possibly to) enforce, allowing path based confinement to protect a 
resource. This may allow for the benefits of pathname based confinement 
while avoiding some of its problems.

Obviously this would not protect against a pathname pointing to 
arbitrary data…


Just a thought.

Z. Cliffe Schreuders.


-
unsubscribe noticeTo unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

Re: [AppArmor 01/41] Pass struct vfsmount to the inode_creat..., James Morris, (Thu May 24, 9:19 am)

Re: [AppArmor 01/41] Pass struct vfsmount to the inode_creat..., Toshiharu Harada, (Fri May 25, 4:01 am)

Re: [AppArmor 01/41] Pass struct vfsmount to the inode_creat..., Andreas Gruenbacher, (Thu May 24, 2:10 pm)

Re: [AppArmor 01/41] Pass struct vfsmount to the inode_creat..., Casey Schaufler, (Thu May 24, 2:58 pm)

Re: [AppArmor 01/41] Pass struct vfsmount to the inode_creat..., Kyle Moffett, (Sat May 26, 1:20 am)

Re: [AppArmor 01/41] Pass struct vfsmount to the inode_creat..., Cliffe, (Sun May 27, 4:34 am)

Re: [AppArmor 01/41] Pass struct vfsmount to the inode_creat..., Casey Schaufler, (Sun May 27, 12:12 pm)

Re: [AppArmor 01/41] Pass struct vfsmount to the inode_creat..., Kyle Moffett, (Sun May 27, 9:07 am)

Re: [AppArmor 01/41] Pass struct vfsmount to the inode_creat..., James Morris, (Sat May 26, 2:45 pm)

Re: [AppArmor 01/41] Pass struct vfsmount to the inode_creat..., Toshiharu Harada, (Sat May 26, 7:08 pm)

Re: [AppArmor 01/41] Pass struct vfsmount to the inode_creat..., Kyle Moffett, (Sat May 26, 10:10 pm)

Re: [AppArmor 01/41] Pass struct vfsmount to the inode_creat..., Toshiharu Harada, (Sun May 27, 3:25 am)

Re: [AppArmor 01/41] Pass struct vfsmount to the inode_creat..., Kyle Moffett, (Sun May 27, 9:35 am)

Re: [AppArmor 01/41] Pass struct vfsmount to the inode_creat..., Toshiharu Harada, (Mon May 28, 6:41 am)

Re: [AppArmor 01/41] Pass struct vfsmount to the inode_creat..., Kyle Moffett, (Mon May 28, 9:54 pm)

Re: [AppArmor 01/41] Pass struct vfsmount to the inode_creat..., Toshiharu Harada, (Tue May 29, 10:38 pm)

Re: [AppArmor 01/41] Pass struct vfsmount to the inode_creat..., , (Tue May 29, 5:17 pm)

Re: [AppArmor 01/41] Pass struct vfsmount to the inode_creat..., Crispin Cowan, (Wed May 30, 1:52 am)

Re: [AppArmor 01/41] Pass struct vfsmount to the inode_creat..., Pavel Machek, (Thu May 24, 10:40 am)

Re: [AppArmor 01/41] Pass struct vfsmount to the inode_creat..., Alan Cox, (Wed May 30, 6:06 am)

Re: [AppArmor 01/41] Pass struct vfsmount to the inode_creat..., , (Sat May 26, 10:37 pm)

Re: [AppArmor 01/41] Pass struct vfsmount to the inode_creat..., Kyle Moffett, (Sun May 27, 1:32 am)

Re: [AppArmor 01/41] Pass struct vfsmount to the inode_creat..., Pavel Machek, (Mon May 28, 4:38 pm)

Re: [AppArmor 01/41] Pass struct vfsmount to the inode_creat..., Kyle Moffett, (Mon May 28, 10:00 pm)

Re: [AppArmor 01/41] Pass struct vfsmount to the inode_creat..., Andreas Gruenbacher, (Sat May 26, 7:46 am)

Re: Pass struct vfsmount to the inode_create LSM hook, Tetsuo Handa, (Sat May 26, 8:09 am)

Re: Pass struct vfsmount to the inode_create LSM hook, Andreas Gruenbacher, (Sat May 26, 9:41 am)

Re: Pass struct vfsmount to the inode_create LSM hook, Tetsuo Handa, (Sat May 26, 10:44 am)

Re: Pass struct vfsmount to the inode_create LSM hook, Kyle Moffett, (Sat May 26, 2:16 pm)

Re: Pass struct vfsmount to the inode_create LSM hook, Andreas Gruenbacher, (Sat May 26, 12:52 pm)

Re: [AppArmor 01/41] Pass struct vfsmount to the inode_creat..., Jeremy Maitin-Shepard, (Fri May 25, 1:17 am)

Re: [AppArmor 01/41] Pass struct vfsmount to the inode_creat..., Casey Schaufler, (Fri May 25, 1:43 pm)

Re: [AppArmor 01/41] Pass struct vfsmount to the inode_creat..., Andreas Gruenbacher, (Fri May 25, 4:00 pm)

Re: [AppArmor 01/41] Pass struct vfsmount to the inode_creat..., Casey Schaufler, (Fri May 25, 4:27 pm)

Re: [AppArmor 01/41] Pass struct vfsmount to the inode_creat..., Crispin Cowan, (Sat May 26, 1:27 am)

Re: [AppArmor 01/41] Pass struct vfsmount to the inode_creat..., James Morris, (Sat May 26, 2:41 pm)

Re: [AppArmor 01/41] Pass struct vfsmount to the inode_creat..., Alan Cox, (Sat May 26, 9:34 am)

Re: [AppArmor 01/41] Pass struct vfsmount to the inode_creat..., Andreas Gruenbacher, (Sat May 26, 10:05 am)

Re: [AppArmor 01/41] Pass struct vfsmount to the inode_creat..., Jeremy Maitin-Shepard, (Fri May 25, 2:10 pm)

Re: [AppArmor 01/41] Pass struct vfsmount to the inode_creat..., Casey Schaufler, (Fri May 25, 3:06 pm)

Re: [AppArmor 01/41] Pass struct vfsmount to the inode_creat..., Andreas Gruenbacher, (Sat May 26, 8:10 am)

Re: [AppArmor 01/41] Pass struct vfsmount to the inode_creat..., Casey Schaufler, (Sat May 26, 6:58 pm)

Re: [AppArmor 01/41] Pass struct vfsmount to the inode_creat..., , (Sat May 26, 9:33 pm)

Re: [AppArmor 01/41] Pass struct vfsmount to the inode_creat..., Tetsuo Handa, (Fri May 25, 9:40 pm)

Re: [AppArmor 01/41] Pass struct vfsmount to the inode_creat..., Jeremy Maitin-Shepard, (Fri May 25, 2:13 pm)

Re: [AppArmor 01/41] Pass struct vfsmount to the inode_creat..., Andreas Gruenbacher, (Fri May 25, 12:14 am)

Re: [AppArmor 01/41] Pass struct vfsmount to the inode_creat..., Al Viro, (Thu May 24, 2:40 pm)

Re: [AppArmor 01/41] Pass struct vfsmount to the inode_creat..., Andreas Gruenbacher, (Thu May 24, 5:56 pm)

Navigation

Popular discussions


linux-kernel:
Linus Torvalds	Linux 2.6.27-rc5
Jared Hulbert	[PATCH 00/10] AXFS: Advanced XIP filesystem
Tarkan Erimer	Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
Linus Torvalds	Linux 2.6.27-rc8
git:

linux-netdev:
David Miller	[GIT]: Networking
David Miller	Re: [PATCH] pkt_sched: Destroy gen estimators under rtnl_lock().
Mark McLoughlin	[PATCH] bridge: make bridge-nf-call-*tables default configurable
Gerrit Renker	[PATCH 03/37] dccp: List management for new feature negotiation
openbsd-misc:

Colocation donated by:

Who's online

There are currently 5 users and 904 guests online.

Online users

Syndicate