Re: AppArmor FAQ

From: Andi Kleen
Date: Tue Apr 17 2007 - 14:10:40 EST

Next message: Serge E. Hallyn: "Re: [Devel] Re: [patch 05/10] add "permit user mounts in new namespace" clone flag"
Previous message: divy: "[PATCH 2.6.21 2/2] cxgb3 - PHY interrupts and GPIO pins."
In reply to: James Morris: "Re: AppArmor FAQ"
Next in thread: Casey Schaufler: "Re: AppArmor FAQ"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Apr 17, 2007 at 01:47:39PM -0400, James Morris wrote:
> Normal applications need zero modification under SELinux.
>
> Some applications which manage security may need to be made SELinux-aware,

Anything that can touch /etc/resolv.conf? That's potentially a lot of binaries
if you consider anything scripts could do with it.

> although this can often be done with PAM plugins, which is a standard way
> to do this kind of thing in modern Unix & Linux OSs.

PAM plugins in vi and emacs? Scary idea.

And what do you do if someone decides to use OpenOffice to edit their
/etc/resolv.conf? For a lot of people that's the only text editor
they know.

-Andi

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Serge E. Hallyn: "Re: [Devel] Re: [patch 05/10] add "permit user mounts in new namespace" clone flag"
Previous message: divy: "[PATCH 2.6.21 2/2] cxgb3 - PHY interrupts and GPIO pins."
In reply to: James Morris: "Re: AppArmor FAQ"
Next in thread: Casey Schaufler: "Re: AppArmor FAQ"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]