Re: [AppArmor 01/41] Pass struct vfsmount to the inode_create LSM hook | KernelTrap

Re: [AppArmor 01/41] Pass struct vfsmount to the inode_create LSM hook

view
thread

!MAILaRCHIVE_VOTE_RePLACE

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

[view in full thread]

From: <Valdis.Kletnieks@...>

To: Kyle Moffett <mrmacman_g4@...>

Cc: Toshiharu Harada <haradats@...>, James Morris <jmorris@...>, <casey@...>, Andreas Gruenbacher <agruen@...>, <linux-kernel@...>, <linux-security-module@...>, <linux-fsdevel@...>

Subject: Re: [AppArmor 01/41] Pass struct vfsmount to the inode_create LSM hook

Date: Tuesday, May 29, 2007 - 5:17 pm

On Mon, 28 May 2007 21:54:46 EDT, Kyle Moffett said:

quoted text> Average users are not supposed to be writing security policy.  To be  
> honest, even average-level system administrators should not be  
> writing security policy.  It's OK for such sysadmins to tweak  
> existing policy to give access to additional web-docs or such, but  
> only expert sysadmin/developers or security professionals should be  
> writing security policy.  It's just too damn easy to get completely  
> wrong.

The single biggest challenge in computer security at the present time is how to
build *and deploy* servers that stay reasonably secure even when run by the
average wave-a-dead-chicken sysadmin, and desktop-class boxes that can survive
the best attempts of Joe Sixpack's "Ooh shiny" reflex, and Joe's kid's attempts
to evade the nannyware that Joe had somebody install.

(If you know how to build such things, don't bother replying.  If you have
actual field experience on getting significant percents of Joe Sixpacks to
switch, I need to buy you a beer or something.. ;)

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

Re: [AppArmor 01/41] Pass struct vfsmount to the inode_creat..., James Morris, (Thu May 24, 9:19 am)

Re: [AppArmor 01/41] Pass struct vfsmount to the inode_creat..., Toshiharu Harada, (Fri May 25, 4:01 am)

Re: [AppArmor 01/41] Pass struct vfsmount to the inode_creat..., Andreas Gruenbacher, (Thu May 24, 2:10 pm)

Re: [AppArmor 01/41] Pass struct vfsmount to the inode_creat..., Casey Schaufler, (Thu May 24, 2:58 pm)

Re: [AppArmor 01/41] Pass struct vfsmount to the inode_creat..., Kyle Moffett, (Sat May 26, 1:20 am)

Re: [AppArmor 01/41] Pass struct vfsmount to the inode_creat..., Cliffe, (Sun May 27, 4:34 am)

Re: [AppArmor 01/41] Pass struct vfsmount to the inode_creat..., Casey Schaufler, (Sun May 27, 12:12 pm)

Re: [AppArmor 01/41] Pass struct vfsmount to the inode_creat..., Kyle Moffett, (Sun May 27, 9:07 am)

Re: [AppArmor 01/41] Pass struct vfsmount to the inode_creat..., James Morris, (Sat May 26, 2:45 pm)

Re: [AppArmor 01/41] Pass struct vfsmount to the inode_creat..., Toshiharu Harada, (Sat May 26, 7:08 pm)

Re: [AppArmor 01/41] Pass struct vfsmount to the inode_creat..., Kyle Moffett, (Sat May 26, 10:10 pm)

Re: [AppArmor 01/41] Pass struct vfsmount to the inode_creat..., Toshiharu Harada, (Sun May 27, 3:25 am)

Re: [AppArmor 01/41] Pass struct vfsmount to the inode_creat..., Kyle Moffett, (Sun May 27, 9:35 am)

Re: [AppArmor 01/41] Pass struct vfsmount to the inode_creat..., Toshiharu Harada, (Mon May 28, 6:41 am)

Re: [AppArmor 01/41] Pass struct vfsmount to the inode_creat..., Kyle Moffett, (Mon May 28, 9:54 pm)

Re: [AppArmor 01/41] Pass struct vfsmount to the inode_creat..., Toshiharu Harada, (Tue May 29, 10:38 pm)

Re: [AppArmor 01/41] Pass struct vfsmount to the inode_creat..., , (Tue May 29, 5:17 pm)

Re: [AppArmor 01/41] Pass struct vfsmount to the inode_creat..., Crispin Cowan, (Wed May 30, 1:52 am)

Re: [AppArmor 01/41] Pass struct vfsmount to the inode_creat..., Pavel Machek, (Thu May 24, 10:40 am)

Re: [AppArmor 01/41] Pass struct vfsmount to the inode_creat..., Alan Cox, (Wed May 30, 6:06 am)

Re: [AppArmor 01/41] Pass struct vfsmount to the inode_creat..., , (Sat May 26, 10:37 pm)

Re: [AppArmor 01/41] Pass struct vfsmount to the inode_creat..., Kyle Moffett, (Sun May 27, 1:32 am)

Re: [AppArmor 01/41] Pass struct vfsmount to the inode_creat..., Pavel Machek, (Mon May 28, 4:38 pm)

Re: [AppArmor 01/41] Pass struct vfsmount to the inode_creat..., Kyle Moffett, (Mon May 28, 10:00 pm)

Re: [AppArmor 01/41] Pass struct vfsmount to the inode_creat..., Andreas Gruenbacher, (Sat May 26, 7:46 am)

Re: Pass struct vfsmount to the inode_create LSM hook, Tetsuo Handa, (Sat May 26, 8:09 am)

Re: Pass struct vfsmount to the inode_create LSM hook, Andreas Gruenbacher, (Sat May 26, 9:41 am)

Re: Pass struct vfsmount to the inode_create LSM hook, Tetsuo Handa, (Sat May 26, 10:44 am)

Re: Pass struct vfsmount to the inode_create LSM hook, Kyle Moffett, (Sat May 26, 2:16 pm)

Re: Pass struct vfsmount to the inode_create LSM hook, Andreas Gruenbacher, (Sat May 26, 12:52 pm)

Re: [AppArmor 01/41] Pass struct vfsmount to the inode_creat..., Jeremy Maitin-Shepard, (Fri May 25, 1:17 am)

Re: [AppArmor 01/41] Pass struct vfsmount to the inode_creat..., Casey Schaufler, (Fri May 25, 1:43 pm)

Re: [AppArmor 01/41] Pass struct vfsmount to the inode_creat..., Andreas Gruenbacher, (Fri May 25, 4:00 pm)

Re: [AppArmor 01/41] Pass struct vfsmount to the inode_creat..., Casey Schaufler, (Fri May 25, 4:27 pm)

Re: [AppArmor 01/41] Pass struct vfsmount to the inode_creat..., Crispin Cowan, (Sat May 26, 1:27 am)

Re: [AppArmor 01/41] Pass struct vfsmount to the inode_creat..., James Morris, (Sat May 26, 2:41 pm)

Re: [AppArmor 01/41] Pass struct vfsmount to the inode_creat..., Alan Cox, (Sat May 26, 9:34 am)

Re: [AppArmor 01/41] Pass struct vfsmount to the inode_creat..., Andreas Gruenbacher, (Sat May 26, 10:05 am)

Re: [AppArmor 01/41] Pass struct vfsmount to the inode_creat..., Jeremy Maitin-Shepard, (Fri May 25, 2:10 pm)

Re: [AppArmor 01/41] Pass struct vfsmount to the inode_creat..., Casey Schaufler, (Fri May 25, 3:06 pm)

Re: [AppArmor 01/41] Pass struct vfsmount to the inode_creat..., Andreas Gruenbacher, (Sat May 26, 8:10 am)

Re: [AppArmor 01/41] Pass struct vfsmount to the inode_creat..., Casey Schaufler, (Sat May 26, 6:58 pm)

Re: [AppArmor 01/41] Pass struct vfsmount to the inode_creat..., , (Sat May 26, 9:33 pm)

Re: [AppArmor 01/41] Pass struct vfsmount to the inode_creat..., Tetsuo Handa, (Fri May 25, 9:40 pm)

Re: [AppArmor 01/41] Pass struct vfsmount to the inode_creat..., Jeremy Maitin-Shepard, (Fri May 25, 2:13 pm)

Re: [AppArmor 01/41] Pass struct vfsmount to the inode_creat..., Andreas Gruenbacher, (Fri May 25, 12:14 am)

Re: [AppArmor 01/41] Pass struct vfsmount to the inode_creat..., Al Viro, (Thu May 24, 2:40 pm)

Re: [AppArmor 01/41] Pass struct vfsmount to the inode_creat..., Andreas Gruenbacher, (Thu May 24, 5:56 pm)

Navigation

Popular discussions


linux-kernel:
Artem Bityutskiy	[PATCH 10/44 take 2] [UBI] debug unit implementation
Greg Kroah-Hartman	[PATCH 004/196] Chinese: add translation of SubmittingPatches
Trent Piepho	[PATCH] [POWERPC] Improve (in\|out)_beXX() asm code
Dave Young	Re: Linux v2.6.24-rc1
git:

linux-netdev:
Gerrit Renker	[PATCH 27/37] dccp: Integration of dynamic feature activation - part 2 (server side)
Linus Torvalds	Re: [GIT]: Networking
David Miller	Re: [PATCH] pkt_sched: Destroy gen estimators under rtnl_lock().
Natalie Protasevich	[BUG] New Kernel Bugs
openbsd-misc:

Colocation donated by:

Who's online

There are currently 1 user and 666 guests online.

Online users

strcmp

Syndicate