On Sun, 10 Jun 2007, Pavel Machek wrote:

then the kernel is going to have to call out to userspace every time a file is created or renamed and the policy is going to be enforced incorrectly until userspace finishes labeling/relabeling whatever is moved.

building this sort of race condition for security into the kernel is highly questionable at best. see Linus' rants about why it's not automatically the best thing to move functionality into userspace.

remember that the files covered by an AA policy can change as files are renamed. this isn't the case with SELinux so it doesn't have this sort of problem.

David Lang
