Hello.
Crispin Cowan wrote:
AppArmor actually does something similar to this, by mediating all of
the ways that you can make an alias to a file. These are:
* Symbolic links: these actually don't work for making aliases with
respect to LSM-based security systems such as AppArmor,
--- Tetsuo Handa [EMAIL PROTECTED] wrote:
Conventional UNIX's access control can't restrict
which path_to_file can link with which another_path_to_file
because UNIX's access control is a label-based access control.
UNIX access control is attribute based, not label based. The
distinction may
On Tuesday 29 May 2007 12:46, Tetsuo Handa wrote:
But, from the pathname-based access control's point of view,
bind mount interferes severely with pathname-based access control
because it is impossible to determine which pathname was requested.
Wrong. It is very well possible to determine the
On Tue, 29 May 2007, Casey Schaufler wrote:
Conventional UNIX's access control can't restrict
which path_to_file can link with which another_path_to_file
because UNIX's access control is a label-based access control.
UNIX access control is attribute based, not label based. The
Hello.
Andreas Gruenbacher wrote:
But, from the pathname-based access control's point of view,
bind mount interferes severely with pathname-based access control
because it is impossible to determine which pathname was requested.
Wrong. It is very well possible to determine the path of a
On Mon, 28 May 2007 21:54:46 EDT, Kyle Moffett said:
Average users are not supposed to be writing security policy. To be
honest, even average-level system administrators should not be
writing security policy. It's OK for such sysadmins to tweak
existing policy to give access to