Re: AppArmor FAQ

From: Karl MacMillan
Date: Tue Apr 17 2007 - 18:32:48 EST

Next message: William Lee Irwin III: "Re: [Announce] [patch] Modular Scheduler Core and Completely Fair Scheduler [CFS]"
Previous message: Karl MacMillan: "Re: AppArmor FAQ"
In reply to: Andi Kleen: "Re: AppArmor FAQ"
Next in thread: Alan Cox: "Re: AppArmor FAQ"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 2007-04-18 at 00:12 +0200, Andi Kleen wrote:
> > The vast majority of applications are not
> > modified to be SELinux aware - only a small handful of security aware
> > applications are modified.
>
> All applications that can edit /etc/resolv.conf? That's nearly
> everything. You yourself gave the example; I'm not making anything up.
>

No - read my other mail on this subject.

>
> -Andi (sensing a loop in the thread -- things that already have been
> discussed come back from the dead.)
>
> P.S.: If you want to loop further please drop me from cc.
>

I might be wrong, but I think that the loop is partially coming from you
not understanding how policy normally handles labeling. There is some
information at http://www.nsa.gov/selinux/papers/slinux/node16.html.

Karl

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: William Lee Irwin III: "Re: [Announce] [patch] Modular Scheduler Core and Completely Fair Scheduler [CFS]"
Previous message: Karl MacMillan: "Re: AppArmor FAQ"
In reply to: Andi Kleen: "Re: AppArmor FAQ"
Next in thread: Alan Cox: "Re: AppArmor FAQ"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]