Re: [TOMOYO #7 30/30] Hooks for SAKURA and TOMOYO.

From: Pavel Machek
Date: Wed Apr 16 2008 - 15:15:06 EST


Hi!

> > The question of protections on the object named /etc/passwd came
> > up time and time again. The notion that /etc/passwd could be a
> > symlink to /home/smalley/heeheehee really gave evaluators the
> > whillies. As did the chroot environment, where /roots/crispin/etc/passwd
> > could magicly become /etc/passwd.
> Why do people continue speaking symlinks and chroots?
> To avoid the effect of symlinks and chroots, AppArmor and TOMOYO Linux
> derive pathnames from dentry and vfsmount.
> If /etc/passwd was a symlink, the derived pathname will be /home/smalley/heeheehee.
> If accessed from inside a chroot, the derived pathname will be /roots/crispin/etc/passwd.
>
> It is true that namespace may differ between processes,
> but I think that that is the matter of how to restrict namespace manipulation operations.
> As I said, a system can't survive if namespace is madly manipulated.
> To keep the system workable, /bin/ must be the directory for binary programs,
> /etc/ must be the directory for configuration files, and so on in all namespaces.

Ehm? Where did you get those ideas?

I'm free to name my directories any way I want, and keep config files
in /pavlix_config, thank you... There is even distro that does
something like that, IIRC...

Pavel
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/