Hello.
Crispin Cowan wrote:
AppArmor actually does something similar to this, by mediating all of
the ways that you can make an alias to a file. These are:
* Symbolic links: these actually don't work for making aliases with
respect to LSM-based security systems such as AppArmor,
--- Tetsuo Handa [EMAIL PROTECTED] wrote:
Conventional UNIX's access control can't restrict
which path_to_file can link with which another_path_to_file
because UNIX's access control is a label-based access control.
UNIX access control is attribute based, not label based. The
distinction may
On Tuesday 29 May 2007 12:46, Tetsuo Handa wrote:
But, from the pathname-based access control's point of view,
bind mount interferes severely with pathname-based access control
because it is impossible to determine which pathname was requested.
Wrong. It is very well possible to determine the
On Tue, 29 May 2007, Casey Schaufler wrote:
Conventional UNIX's access control can't restrict
which path_to_file can link with which another_path_to_file
because UNIX's access control is a label-based access control.
UNIX access control is attribute based, not label based. The
Hello.
Andreas Gruenbacher wrote:
But, from the pathname-based access control's point of view,
bind mount interferes severely with pathname-based access control
because it is impossible to determine which pathname was requested.
Wrong. It is very well possible to determine the path of a