login
Header Space

 
 

Re: [AppArmor 39/45] AppArmor: Profile loading and manipulation,pathname matching

Score:
Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
To: Tetsuo Handa <from-lsm@...>
Cc: <david@...>, <linux-kernel@...>, <linux-security-module@...>
Date: Friday, June 8, 2007 - 11:25 pm

On Sat, 9 Jun 2007 11:01:41 +0900
Tetsuo Handa <from-lsm@I-love.SAKURA.ne.jp> wrote:


is trying to implement, is to do in one step what SELinux does in two
steps; that is trying to combine labelling and enforcement into a
single step.  If this is so, then why can't it just feed its automatic
labelling into SELinux enforcement code?


That paper seems entirely focused on the automatic generation of policy,
and doesn't seem to help the discussion along.   For instance, there may
be a way to implement AA on top of SELinux _without_ giving each and
every file its own label.


AA must have a function that decides the security rights for any given
path in order to make its enforcement decisions.  It must surely be able
to deal with all those things you listed above (bind-mounts,hard links etc).
So why can't those decisions be turned into labels that are fed into SELinux
enforcement code?

Sean.
-
Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:
Re: [AppArmor 39/45] AppArmor: Profile loading and manipulat..., Andreas Gruenbacher, (Mon Jun 4, 5:03 pm)
Re: [AppArmor 39/45] AppArmor: Profile loading and manipulat..., Andreas Gruenbacher, (Fri Jun 8, 6:03 pm)
Re: [AppArmor 39/45] AppArmor: Profile loading and manipulat..., Andreas Gruenbacher, (Sat Jun 9, 11:17 am)
Re: [AppArmor 39/45] AppArmor: Profile loading and manipulat..., Lars Marowsky-Bree, (Tue Jun 12, 1:03 pm)
Re: [AppArmor 39/45] AppArmor: Profile loading and manipulat..., Sean, (Fri Jun 8, 11:25 pm)
Re: [AppArmor 39/45] AppArmor: Profile loading and manipulat..., Andreas Gruenbacher, (Thu Jun 21, 11:54 am)
Re: [AppArmor 39/45] AppArmor: Profile loading and manipulat..., Lars Marowsky-Bree, (Thu Jun 21, 12:08 pm)
Re: [AppArmor 39/45] AppArmor: Profile loading and manipulat..., Lars Marowsky-Bree, (Thu Jun 21, 3:35 pm)
Re: [AppArmor 39/45] AppArmor: Profile loading and manipulat..., Lars Marowsky-Bree, (Thu Jun 21, 3:24 pm)
Re: [AppArmor 39/45] AppArmor: Profile loading and manipulat..., Lars Marowsky-Bree, (Thu Jun 21, 3:54 pm)
Re: [AppArmor 39/45] AppArmor: Profile loading and manipulat..., Lars Marowsky-Bree, (Fri Jun 22, 8:42 am)
Re: [AppArmor 39/45] AppArmor: Profile loading and manipulat..., Lars Marowsky-Bree, (Tue Jun 26, 4:50 am)
Re: [AppArmor 39/45] AppArmor: Profile loading and manipulat..., Lars Marowsky-Bree, (Thu Jun 21, 5:17 pm)
Re: [AppArmor 39/45] AppArmor: Profile loading and manipulat..., Lars Marowsky-Bree, (Fri Jun 22, 6:49 am)
Re: [AppArmor 39/45] AppArmor: Profile loading and manipulat..., Lars Marowsky-Bree, (Thu Jun 21, 8:19 pm)
Re: [AppArmor 39/45] AppArmor: Profile loading and manipulat..., Lars Marowsky-Bree, (Fri Jun 22, 7:37 am)
Re: [AppArmor 39/45] AppArmor: Profile loading and manipulat..., Lars Marowsky-Bree, (Fri Jun 22, 8:54 am)
Re: [AppArmor 39/45] AppArmor: Profile loading and manipulat..., Lars Marowsky-Bree, (Thu Jun 21, 4:21 pm)
Re: [AppArmor 39/45] AppArmor: Profile loading and manipulat..., Andreas Gruenbacher, (Fri Jun 22, 5:59 am)
Re: [AppArmor 39/45] AppArmor: Profile loading and manipulat..., Andreas Gruenbacher, (Thu Jun 21, 12:01 pm)
Re: [AppArmor 39/45] AppArmor: Profile loading and manipulat..., Andreas Gruenbacher, (Sat Jun 9, 11:05 am)
speck-geostationary