, with the labeling behavior for newly created objects being
controlled from a well defined policy. You probably want to avoid getting
into the situation of needing a TE relabel on a production system in any
case.
- James
--
James Morris
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line
existing access
control.
- James
--
James Morris
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe linux-fsdevel in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
--
James Morris
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe linux-fsdevel in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
can't protect
against software flaws, which has been a pretty fundamental and widely
understood requirement in general computing for at least a decade.
- James
--
James Morris
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe linux-fsdevel in
the body of a message
On Wed, 18 Apr 2007, Crispin Cowan wrote:
James Morris wrote:
On Tue, 17 Apr 2007, Alan Cox wrote:
I'm not sure if AppArmor can be made good security for the general case,
but it is a model that works in the limited http environment
(eg .htaccess) and is something people can play
but
not to others. That's not a hole.
I don't know what else you'd call it.
Would you mind providing some concrete examples of how such a model would
be useful?
- James
--
James Morris
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe linux-fsdevel in
the body of a message
. There is no confinement beyond
that.
- James
--
James Morris
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe linux-fsdevel in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
).
- James
--
James Morris
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe linux-fsdevel in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
in directories labeled as public_html_t (or whatever).
- James
--
James Morris
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe linux-fsdevel in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
find /usr/src/linux | xargs setfattr -n user.foo -v bar
On my system, it takes about 1.2 seconds to label a fully checked out
kernel source tree with ~23,000 files in this manner, on a stock standard
ext3 filesystem with a SATA drive.
- James
--
James Morris
[EMAIL PROTECTED]
-
To unsubscribe
, you've performed your labeling up front, and don't have to
effectively relabel each file each time on each access, which is what
you're really doing with pathname labeling.
- James
--
James Morris
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe linux-fsdevel
when you
mv directories, either.
- James
--
James Morris
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe linux-fsdevel in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
On Fri, 15 Jun 2007, Seth Arnold wrote:
The time for restorecon is probably best imagined as a kind of 'du' that
also updates extended attributes as it does its work. It'd be very
difficult to improve on this.
restorecon can most definitely be improved.
- James
--
James Morris
[EMAIL
On Fri, 15 Jun 2007, Casey Schaufler wrote:
--- James Morris [EMAIL PROTECTED] wrote:
On my system, it takes about 1.2 seconds to label a fully checked out
kernel source tree with ~23,000 files in this manner
That's an eternity for that many files to be improperly labeled
not work is a fairly significant consideration, I
would imagine.
- James
--
James Morris
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe linux-fsdevel in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
of a technical issue, right?
- James
--
James Morris
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe linux-fsdevel in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
could use to escape?
And why isn't this documented clearly, with the implications fully
explained? - David Wagner, http://www.cs.berkeley.edu/~daw/
Indeed.
- James
--
James Morris
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe linux-fsdevel in
the body
and then provide feedback on
this, in good faith.
The underlying issues only came up again in response to an inflammatory
post by Lars. If you want to avoid discussions of AppArmor's design, then
I suggest taking it up with those who initiate them.
- James
--
James Morris
[EMAIL PROTECTED
--
James Morris
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe linux-fsdevel in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
On Thu, 12 Jul 2007, David Patrick Quigley wrote:
From: David P. Quigley [EMAIL PROTECTED]
Revalidate the write permissions for fallocate(2), in case security policy has
changed since the files were opened.
Signed-off-by: David P. Quigley [EMAIL PROTECTED]
Acked-by: James Morris [EMAIL
.
For mailing list subscription information, please see:
http://linux-nfs.org/cgi-bin/mailman/listinfo/labeled-nfs
Prior discussion of this project (which started out as SELinux-specific)
may be found at: http://thread.gmane.org/gmane.linux.nfsv4/5341
--
James Morris
[EMAIL PROTECTED]
-
To unsubscribe
On Thu, 9 Aug 2007, David Howells wrote:
James Morris [EMAIL PROTECTED] wrote:
+ u32 (*inode_get_secid)(struct inode *inode);
To maintain API consistency, please return an int which only acts as an
error code, and returning the secid via a *u32 function parameter.
Does that apply
the inode
pointer around?
(I know it's not always possible, but much preferred).
- James
--
James Morris
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe linux-fsdevel in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org
line if possible (the
80-col rule can be broken for this).
But in any case, it looks ok to me.
Acked-by: James Morris [EMAIL PROTECTED]
--
James Morris
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe linux-fsdevel in
the body of a message to [EMAIL PROTECTED]
More
it
returns EOPNOTSUPP.
Signed-off-by: David P. Quigley [EMAIL PROTECTED]
Acked-by: James Morris [EMAIL PROTECTED]
--
James Morris
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe linux-fsdevel in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http
will be necessary anyway.
That code may still change -- Arjan's update, for example.
--
James Morris
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe linux-fsdevel in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
On Wed, 31 Oct 2007, David P. Quigley wrote:
On Sat, 2007-10-27 at 08:14 +1000, James Morris wrote:
On Fri, 26 Oct 2007, Serge E. Hallyn wrote:
It wouldn't be much effort to rebase this patch against Linus's latest
tree. I am assuming that the static lsm patch is in there based
it
returns EOPNOTSUPP.
Signed-off-by: David P. Quigley [EMAIL PROTECTED]
Acked-by: James Morris [EMAIL PROTECTED]
--
James Morris
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe linux-fsdevel in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http
. The conversion is similar to the one performed by Al Viro for the
security_getprocattr hook.
Signed-off-by: David P. Quigley [EMAIL PROTECTED]
Acked-by: James Morris [EMAIL PROTECTED]
--
James Morris
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe linux-fsdevel
Please review.
Tested with SELinux in enforcing mode.
---
All instances of rw_verify_area() are followed by a call to
security_file_permission(), so just call the latter from the former.
Signed-off-by: James Morris [EMAIL PROTECTED]
---
fs/compat.c |4 ---
fs/read_write.c | 63
of the lock debugging enabled?
- James
--
James Morris
[EMAIL PROTECTED]
into a library if desired, there is no need
to make any changes for filesystems with text options (i.e. the general
case).
- James
--
James Morris
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe linux-fsdevel in
the body of a message to [EMAIL PROTECTED]
More
32 matches
Mail list logo