Re: [AppArmor 39/45] AppArmor: Profile loading and manipulation,pathname matching

From: david
Date: Sun Jun 10 2007 - 05:06:07 EST


On Sun, 10 Jun 2007, Pavel Machek wrote:

Hi!

So, AA developers, do you have such a document anywhere? I know there
are some old research papers, do they properly describe the current
model you are trying to implement here?

Greg,
to implement the AA approach useing SELinux you need to have a way that
files that are renamed or created get tagged with the right label
automaticaly with no possible race condition.

If this can be done then it _may_ be possible to do the job that AA is
aimed at with SELinux, but the work nessasary to figure out what lables
are needed on what file would still make it a non-trivial task.

as I understand it SELinux puts one label on each file, so if you have
three files accessed by two programs such that
program A accesses files X Y
program B accesses files Y Z

then files X Y and Z all need seperate labels with the policy stateing
that program A need to access labels X, Y and program B needs to access
files Y Z

extended out this can come close to giving each file it's own label. AA
essentially does this and calls the label the path and computes it at
runtime instead of storing it somewhere.

Yes, and in the process, AA stores compiled regular expressions in
kernel. Ouch. I'll take "each file it's own label" over _that_ any time.

and if each file has it's own label you are going to need regex or similar to deal with them as well.

David Lang
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/