Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks

From: Chris Wright
Date: Tue Apr 18 2006 - 19:28:41 EST


* Crispin Cowan (crispin@xxxxxxxxxx) wrote:
> However, I assert (emphatically :) that the broader user community has
> integrity and availability as higher priorities than secrecy, and that
> pathname-based access control is a better way to achieve that. I want to
> offer Linux users the choice of pathname-based access control if they
> want it. Why do you want to prevent them from having that choice?

I'm in favor of choice. And there's no doubt that users appreciate the
intuitiveness of pathname-based security. The real question is the
actual security of the system. What we don't want is a choice that
embodies any false sense of security. So that is why it's important to
understand how AppArmor protects from the pathname-based attacks.

thanks,
-chris