Re: [AppArmor 39/45] AppArmor: Profile loading and manipulation, pathname matching

2007-06-08 Thread Andreas Gruenbacher
On Wednesday 06 June 2007 15:26, Stephen Smalley wrote: On Mon, 2007-06-04 at 23:03 +0200, Andreas Gruenbacher wrote: [...] SELinux turns pathnames into labels when it initially labels all files (when a policy is rolled out), whereas AppArmor computes the label of each file when a file is

Re: [AppArmor 39/45] AppArmor: Profile loading and manipulation, pathname matching

2007-06-08 Thread Greg KH
On Sat, Jun 09, 2007 at 12:03:57AM +0200, Andreas Gruenbacher wrote: AppArmor is meant to be relatively easy to understand, manage, and customize, and introducing a labels layer wouldn't help these goals. Woah, that describes the userspace side of AA just fine, it means nothing when it comes

Re: [AppArmor 39/45] AppArmor: Profile loading and manipulation,pathname matching

2007-06-08 Thread Tetsuo Handa
Hello. David Lang wrote: as I understand it SELinux puts one label on each file, so if you have three files accessed by two programs such that program A accesses files X Y program B accesses files Y Z then files X Y and Z all need separate labels with the policy stating that program A

Re: [AppArmor 39/45] AppArmor: Profile loading and manipulation,pathname matching

2007-06-08 Thread Sean
On Sat, 9 Jun 2007 11:01:41 +0900 Tetsuo Handa [EMAIL PROTECTED] wrote: From the discussion so far, it seems that the different model that AA is trying to implement, is to do in one step what SELinux does in two steps; that is trying to combine labelling and enforcement into a single step. If