Re: Problem with accessing namespace_sem from LSM.

2007-11-05 Thread Toshiharu Harada
functions and LSM hooks seems to be a good choice to me. Cheers, Toshiharu Harada - To unsubscribe from this list: send the line unsubscribe linux-security-module in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html

Re: Linux Security *Module* Framework (Was: LSM conversion to static interface)

2007-10-31 Thread Toshiharu Harada
, that is agreed by everyone , but if we try to share something that we can not share, we will fail. From the fact existing LSM did not satisfy any module (including SELinux), I do not want to investigate stack able version. Cheers, Toshiharu Harada - To unsubscribe from this list: send the line unsubscribe

Re: Linux Security *Module* Framework (Was: LSM conversion to static interface)

2007-10-30 Thread Toshiharu Harada
to be the result of common requirements. Common means good in general, but not always for security perspective. IMHO, I think it is possible for us to get to the conclusion not to have a framework. Cheers (and with love to Linux), Toshiharu Harada - To unsubscribe from this list: send the line unsubscribe

Re: Linux Security *Module* Framework (Was: LSM conversion to static interface)

2007-10-29 Thread Toshiharu Harada
to help. I mean, please count me in. PS Chris, I've been waiting for your comments for our code. :) Regards, Toshiharu Harada - To unsubscribe from this list: send the line unsubscribe linux-security-module in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org

Re: [RFC] TOMOYO Linux

2007-06-15 Thread Toshiharu Harada
Stephen Smalley wrote: On Wed, 2007-06-13 at 23:22 +0900, Toshiharu Harada wrote: 2007/6/13, Stephen Smalley [EMAIL PROTECTED]: On Wed, 2007-06-13 at 17:13 +0900, Toshiharu Harada wrote: Here are examples: /bin/bash process invoked from mingetty: /sbin/mingetty /bin/bash /bin/bash process

Re: [AppArmor 01/41] Pass struct vfsmount to the inode_create LSM hook

2007-05-28 Thread Toshiharu Harada
2007/5/27, Kyle Moffett [EMAIL PROTECTED]: On May 27, 2007, at 03:25:27, Toshiharu Harada wrote: 2007/5/27, Kyle Moffett [EMAIL PROTECTED]: How is that argument not trivially circular? Foo has an assumption that foo-property is always properly defined and maintained. That could be said

Re: [AppArmor 01/41] Pass struct vfsmount to the inode_create LSM hook

2007-05-27 Thread Toshiharu Harada
2007/5/27, Kyle Moffett [EMAIL PROTECTED]: On May 26, 2007, at 19:08:56, Toshiharu Harada wrote: 2007/5/27, James Morris [EMAIL PROTECTED]: On Sat, 26 May 2007, Kyle Moffett wrote: AppArmor). On the other hand, if you actually want to protect the _data_, then tagging the _name_ is flawed

Re: [AppArmor 01/41] Pass struct vfsmount to the inode_create LSM hook

2007-05-26 Thread Toshiharu Harada
inventing and assigning a *new* name (label name) to objects which can cause flaws. I'm not saying labeled security or SELinux is wrong. I just wanted to remind that the important part is the process not the result. :-) -- Toshiharu Harada [EMAIL PROTECTED] - To unsubscribe from this list: send