Hi,
On Fri, January 11, 2008 09:46, Tetsuo Handa wrote:
It depends.
Some users have to continue using brain dead legacy applications
without modification because ...
the application's source code is not available.
Source isn't needed, as long as the vendor has it.
the distributor no
On Thu, January 10, 2008 05:57, Tetsuo Handa wrote:
It seems to me that the alternatives you are proposing include
modification of userland applications. But my assumption is
that Don't require modification of userland applications.
If you want a secure system it isn't that unreasonable to
Hello,
On Wed, January 9, 2008 05:39, Tetsuo Handa wrote:
Hello.
Indan Zupancic wrote:
I think you focus too much on your way of enforcing filename/attributes
pairs.
So?
So that you miss alternatives and don't see the bigger picture.
The same can be achieved by creating the device nodes
On Thu, January 10, 2008 00:08, Serge E. Hallyn wrote:
These emails again are getting really long, but I think the gist of
Indan's suggestion can be concisely summarized:
No worry, I wasn't planning on extending it, I've said what I've to say.
Except...
To confine process P3 to
files are present, the MAC system used doesn't have to have special
device nodes attributes support. Protecting those files is enough to
guarantee filename/attributes pairs.
On Tue, January 8, 2008 14:50, Tetsuo Handa wrote:
Hello.
Indan Zupancic wrote:
I want to use this filesystem in case
Hi,
On Mon, December 17, 2007 01:40, Tetsuo Handa wrote:
Hello.
Indan Zupancic wrote:
What prevents them from mounting tmpfs on top of /dev, bypassing your fs?
Mandatory access control (MAC) prevents them from mounting tmpfs on top of
/dev .
MAC mediates namespace manipulation requests
Hi,
On Sun, December 16, 2007 13:03, Tetsuo Handa wrote:
Hello.
David Newall wrote:
You won't be able to login to the system because /sbin/mingetty
fails to chown/chmod /dev/tty* if /dev is mounted for read-only mode.
Good point. So, if only root can modify files in /dev, what's the
On Sun, July 22, 2007 18:28, Theodore Tso wrote:
On Sun, Jul 22, 2007 at 07:10:31AM +0300, Al Boldi wrote:
Sounds great, but it may be advisable to hook this into the partition
modification routines instead of mkfs/fsck. Which would mean that the
partition manager could ask the kernel to