Re: Upstream first policy
From: Rik van Riel
Date: Mon Mar 08 2010 - 18:19:32 EST
On 03/08/2010 01:08 PM, Linus Torvalds wrote:
Things like "/etc/passwd" really are about the _pathname_, not the inode.
It really is the _path_ that is special, because that is fundamentally the
thing you trust.
On the other hand, '/etc/shadow' has the opposite constraint,
where the system will not trust most of the applications with
the data from that file.
Using label security to protect the contents makes sense there.
Your example appears to be about "can the application trust
the data?", while the label based security solves "can the
application be trusted with the data?"
These are two different things.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/