functions and
LSM hooks seems to be a good choice to me.
Cheers,
Toshiharu Harada
-
To unsubscribe from this list: send the line unsubscribe
linux-security-module in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
, that is agreed by everyone , but if we try to share
something that we can not share, we will fail. From the fact existing
LSM did not satisfy any module (including SELinux), I do not
want to investigate stack able version.
Cheers,
Toshiharu Harada
-
To unsubscribe from this list: send the line unsubscribe
to be the result of common requirements.
Common means good in general, but not always for security
perspective. IMHO, I think it is possible for us to get to the
conclusion not to have a framework.
Cheers (and with love to Linux),
Toshiharu Harada
-
To unsubscribe from this list: send the line unsubscribe
to help.
I mean, please count me in.
PS
Chris, I've been waiting for your comments for our code. :)
Regards,
Toshiharu Harada
-
To unsubscribe from this list: send the line unsubscribe
linux-security-module in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org
Stephen Smalley wrote:
On Wed, 2007-06-13 at 23:22 +0900, Toshiharu Harada wrote:
2007/6/13, Stephen Smalley [EMAIL PROTECTED]:
On Wed, 2007-06-13 at 17:13 +0900, Toshiharu Harada wrote:
Here are examples:
/bin/bash process invoked from mingetty: /sbin/mingetty /bin/bash
/bin/bash process
2007/5/27, Kyle Moffett [EMAIL PROTECTED]:
On May 27, 2007, at 03:25:27, Toshiharu Harada wrote:
2007/5/27, Kyle Moffett [EMAIL PROTECTED]:
How is that argument not trivially circular? Foo has an assumption
that foo-property is always properly defined and maintained. That
could be said
2007/5/27, Kyle Moffett [EMAIL PROTECTED]:
On May 26, 2007, at 19:08:56, Toshiharu Harada wrote:
2007/5/27, James Morris [EMAIL PROTECTED]:
On Sat, 26 May 2007, Kyle Moffett wrote:
AppArmor). On the other hand, if you actually want to protect
the _data_, then tagging the _name_ is flawed
inventing and assigning
a *new* name (label name) to objects which can cause flaws.
I'm not saying labeled security or SELinux is wrong. I just wanted to
remind that the important part is the process not the result. :-)
--
Toshiharu Harada
[EMAIL PROTECTED]
-
To unsubscribe from this list: send