Re: [AppArmor 39/45] AppArmor: Profile loading and manipulation,pathname matching

From: David Wagner
Date: Sun Jun 24 2007 - 16:51:51 EST

Next message: Jan Engelhardt: "Re: Scaling Max IP address limitation"
Previous message: Alan Cox: "Re: Is it time for remove (crap) ALSA from kernel tree ?"
In reply to: David Wagner: "Re: [AppArmor 39/45] AppArmor: Profile loading and manipulation,pathname matching"
Next in thread: David Wagner: "Re: [AppArmor 39/45] AppArmor: Profile loading and manipulation,pathname matching"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Stephen Smalley wrote:
>On Fri, 2007-06-22 at 01:06 -0700, John Johansen wrote:
>> No the "incomplete" mediation does not flow from the design. We have
>> deliberately focused on doing the necessary modifications for pathname
>> based mediation. The IPC and network mediation are a wip.
>
>The fact that you have to go back to the drawing board for them is that
>you didn't get the abstraction right in the first place.

Calling this "going back to the drawing board" board strikes me as an
unfair criticism, when the real situation is that in the future the AA
folks will need to extend their code to mediate network and IPC (not
throw all the current code away and start over from scratch, and not
replace big swaths of the current code).
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Jan Engelhardt: "Re: Scaling Max IP address limitation"
Previous message: Alan Cox: "Re: Is it time for remove (crap) ALSA from kernel tree ?"
In reply to: David Wagner: "Re: [AppArmor 39/45] AppArmor: Profile loading and manipulation,pathname matching"
Next in thread: David Wagner: "Re: [AppArmor 39/45] AppArmor: Profile loading and manipulation,pathname matching"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]