Re: Upstream first policy

From: Linus Torvalds
Date: Mon Mar 08 2010 - 14:16:24 EST

Next message: Cengiz GÃnay: "Re: sata_nv times out for BD-ROM iHOS104-08"
Previous message: Alexandre Bounine: "[PATCH v2 6/7] RapidIO: Add enabling SRIO port RX and TX"
In reply to: Linus Torvalds: "Re: Upstream first policy"
Next in thread: Alan Cox: "Re: Upstream first policy"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 8 Mar 2010, Linus Torvalds wrote:
>
> Sure, there is content security. Nobody disputes that. The security
> decision about how to open a file is about the contents of the file.

Btw, I would also say that content security is generally the _common_
case. So I'm not at all saying that the traditional unix model or the
selinux model is in any way "wrong". Not at all.

It's just that I certainly understand why some people think AppArmor is
more "intuitive". And I think it's directly related to the fact that
sometimes the pathname-based approach is the one that more directly
reflects the particular issue (and people are often happy with the
traditional UNIX semantics for plain inode-based security, so again, it's
not like AppArmor _replaces_ inode-based security, it _extends_ on it).

Linus

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Cengiz GÃnay: "Re: sata_nv times out for BD-ROM iHOS104-08"
Previous message: Alexandre Bounine: "[PATCH v2 6/7] RapidIO: Add enabling SRIO port RX and TX"
In reply to: Linus Torvalds: "Re: Upstream first policy"
Next in thread: Alan Cox: "Re: Upstream first policy"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]