login
Header Space

 
 

Re: [AppArmor 39/45] AppArmor: Profile loading and manipulation, pathname matching

Score:
Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
To: Greg KH <greg@...>
Cc: Stephen Smalley <sds@...>, Crispin Cowan <crispin@...>, Andreas Gruenbacher <agruen@...>, Pavel Machek <pavel@...>, <jjohansen@...>, <linux-kernel@...>, <linux-security-module@...>, <linux-fsdevel@...>
Date: Friday, June 15, 2007 - 6:37 pm

--- Greg KH <greg@kroah.com> wrote:


That segment is itself divided (think the "Judean Peoples Front"
and the "Peoples Front of Judea") on many issues, but as it has
always put correctness over ease of use I would expect AppArmor to
have a tough roe to hoe. There are other segments for which AppArmor
may well be appealing, and those segments have always been much
larger than Judea.


The JPF is head over heels in love with SELinux, restorecond and all.
The PFJ has some issues, but will most likely go along with the JPF
in part because the JPF is bringing the beer and besides, what are
their alternatives today? The PJF ("that's him, over there") is still
stunned by some of what SELinux accepts as normal (restorecond, 400,000
line "policy" definitions with embedded wildcards) and spends a lot
of time chanting the TCB Principle in hopes that it will help, but
no lightning strikes from above to date.

But you knew that. I'm an advocate of making a variety of alternates
available which is why I had originally proposed the authoritative
hooks version of the LSM and why I don't believe in rolling every
possible security facility into SELinux. I also believe in warning
people of pitfalls before they've impaled themselves on the spikes,
but some people gotta have the experience. Just trying to help.


Casey Schaufler
casey@schaufler-ca.com
-
Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:
Re: [AppArmor 39/45] AppArmor: Profile loading and manipulat..., Andreas Gruenbacher, (Mon Jun 4, 5:03 pm)
Re: [AppArmor 39/45] AppArmor: Profile loading and manipulat..., Andreas Gruenbacher, (Fri Jun 8, 6:03 pm)
Re: [AppArmor 39/45] AppArmor: Profile loading and manipulat..., Andreas Gruenbacher, (Sat Jun 9, 11:17 am)
Re: [AppArmor 39/45] AppArmor: Profile loading and manipulat..., Lars Marowsky-Bree, (Tue Jun 12, 1:03 pm)
Re: [AppArmor 39/45] AppArmor: Profile loading and manipulat..., Casey Schaufler, (Fri Jun 15, 6:37 pm)
Re: [AppArmor 39/45] AppArmor: Profile loading and manipulat..., Andreas Gruenbacher, (Thu Jun 21, 11:54 am)
Re: [AppArmor 39/45] AppArmor: Profile loading and manipulat..., Lars Marowsky-Bree, (Thu Jun 21, 12:08 pm)
Re: [AppArmor 39/45] AppArmor: Profile loading and manipulat..., Lars Marowsky-Bree, (Thu Jun 21, 3:35 pm)
Re: [AppArmor 39/45] AppArmor: Profile loading and manipulat..., Lars Marowsky-Bree, (Thu Jun 21, 3:24 pm)
Re: [AppArmor 39/45] AppArmor: Profile loading and manipulat..., Lars Marowsky-Bree, (Thu Jun 21, 3:54 pm)
Re: [AppArmor 39/45] AppArmor: Profile loading and manipulat..., Lars Marowsky-Bree, (Fri Jun 22, 8:42 am)
Re: [AppArmor 39/45] AppArmor: Profile loading and manipulat..., Lars Marowsky-Bree, (Tue Jun 26, 4:50 am)
Re: [AppArmor 39/45] AppArmor: Profile loading and manipulat..., Lars Marowsky-Bree, (Thu Jun 21, 5:17 pm)
Re: [AppArmor 39/45] AppArmor: Profile loading and manipulat..., Lars Marowsky-Bree, (Fri Jun 22, 6:49 am)
Re: [AppArmor 39/45] AppArmor: Profile loading and manipulat..., Lars Marowsky-Bree, (Thu Jun 21, 8:19 pm)
Re: [AppArmor 39/45] AppArmor: Profile loading and manipulat..., Lars Marowsky-Bree, (Fri Jun 22, 7:37 am)
Re: [AppArmor 39/45] AppArmor: Profile loading and manipulat..., Lars Marowsky-Bree, (Fri Jun 22, 8:54 am)
Re: [AppArmor 39/45] AppArmor: Profile loading and manipulat..., Lars Marowsky-Bree, (Thu Jun 21, 4:21 pm)
Re: [AppArmor 39/45] AppArmor: Profile loading and manipulat..., Andreas Gruenbacher, (Fri Jun 22, 5:59 am)
Re: [AppArmor 39/45] AppArmor: Profile loading and manipulat..., Andreas Gruenbacher, (Thu Jun 21, 12:01 pm)
Re: [AppArmor 39/45] AppArmor: Profile loading and manipulat..., Andreas Gruenbacher, (Sat Jun 9, 11:05 am)
speck-geostationary