Re: TOMOYO Linux Security Goal

From: Valdis . Kletnieks
Date: Fri Dec 28 2007 - 12:24:22 EST

Next message: Gabor Gombas: "Oops involving RFCOMM and sysfs"
Previous message: Dave Kleikamp: "Re: [PATCH] jfs: clear PAGECACHE_TAG_DIRTY for no-write pages"
In reply to: Serge E. Hallyn: "Re: TOMOYO Linux Security Goal"
Next in thread: Pavel Machek: "Re: TOMOYO Linux Security Goal"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 28 Dec 2007 23:32:09 +0900, Tetsuo Handa said:

> You can run your system with only policy collected by learning mode.
> Thus, you basically don't need manual intervention.
> But since there are randomly named files (i.e. temporary files),
> you pay a little time to modify policy.
>
> The learning mode is to save time for permitting commonly accessed resources.
> Administrator reviews policy collected by learning mode. Thus the readability
> of policy is important so that administrator can understand what he/she is
> going to allow or reject.

Please make a *big* notation someplace that "learning mode" is quite likely to
*not* produce a totally correct policy. In particular, it won't build rules for
infrequently used code paths (such as error handling) unless you find a way to
exercise those paths while in learning mode.

Particularly fun - when learning mode doesn't create an entry for the logfile
for I/O errors. Then when one actually happens, you have no idea what it was...

Attachment: pgp00000.pgp
Description: PGP signature

Next message: Gabor Gombas: "Oops involving RFCOMM and sysfs"
Previous message: Dave Kleikamp: "Re: [PATCH] jfs: clear PAGECACHE_TAG_DIRTY for no-write pages"
In reply to: Serge E. Hallyn: "Re: TOMOYO Linux Security Goal"
Next in thread: Pavel Machek: "Re: TOMOYO Linux Security Goal"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]