Re: [patch 01/15] security: pass path to inode_create

From: Miklos Szeredi
Date: Mon Jun 02 2008 - 07:53:04 EST

Next message: Ilpo Järvinen: "Re: [bug] stuck localhost TCP connections, v2.6.26-rc3+"
Previous message: Jeremy Fitzhardinge: "Re: [PATCH 08 of 12] xen-console: add save/restore"
In reply to: Miklos Szeredi: "Re: [patch 01/15] security: pass path to inode_create"
Next in thread: Matthew Wilcox: "Re: [patch 01/15] security: pass path to inode_create"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> > > I maintain, that moving lsm hooks into callers is insane. And that's
> > > *the* sanest alternative that anybody has been able to come up with to
> > > passing down vfsmounts into the vfs.
> >
> > Not so. I showed how pathname-based security could be done *without*
> > passing vfsmounts down at all. Unfortunately, you weren't interested.
>
> Umm, not sure what you are referring to. Could you please give a
> pointer? I'm sure the apparmor developers would be more than
> interested in such a scheme, if it does indeed work.

Found it:

http://lkml.org/lkml/2008/4/9/98

I did not take part in that discussion and could not have been able to
contribute anyway. From a cursory read of the thread, the idea was
good, but not entirely applicable to apparmor. Or did I miss
something?

Thanks,
Miklos
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Ilpo Järvinen: "Re: [bug] stuck localhost TCP connections, v2.6.26-rc3+"
Previous message: Jeremy Fitzhardinge: "Re: [PATCH 08 of 12] xen-console: add save/restore"
In reply to: Miklos Szeredi: "Re: [patch 01/15] security: pass path to inode_create"
Next in thread: Matthew Wilcox: "Re: [patch 01/15] security: pass path to inode_create"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]