Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks

From: Lars Marowsky-Bree
Date: Mon Apr 24 2006 - 04:13:34 EST

Next message: Lars Marowsky-Bree: "Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)"
Previous message: Lars Marowsky-Bree: "Re: [RFC][PATCH 0/11] security: AppArmor - Overview"
Next in thread: Valdis . Kletnieks: "Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 2006-04-21T10:24:37, Stephen Smalley <sds@xxxxxxxxxxxxx> wrote:

> > (With AppArmor, of course, you never lose labels at all, because there
> > aren't any.)
> But you do lose preservation of security properties, e.g. renaming a
> file suddenly moves it under different protection. Same end result.

This is not correct, as far as I understand. As the app can only rename
in it has access to both the old and the new path.

--
High Availability & Clustering
SUSE Labs, Research and Development
SUSE LINUX Products GmbH - A Novell Business -- Charles Darwin
"Ignorance more frequently begets confidence than does knowledge"

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Lars Marowsky-Bree: "Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)"
Previous message: Lars Marowsky-Bree: "Re: [RFC][PATCH 0/11] security: AppArmor - Overview"
Next in thread: Valdis . Kletnieks: "Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]