> But use of this filesystem is still valid when this filesystem is used with > policy based mandatory access control (such as SELinux, TOMOYO Linux) > because this filesystem guarantees where policy based mandatory access control > can't guarantee (i.e. filename and its attribute). > Policy based mandatory access control guarantees that "Only Bob can create block device file named sda1 in /dev directory". But it can't guarantee that /dev/sda1 will have block-8-1 attribute. If Bob is malicious and creates /dev/sda1 with block-8-2 attribute, other applications that depends on the attributes of /dev/sda1 goes wrong. So, this filesystem guarantees that /dev/sda1 has block-8-1 attribute. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
- [patch 0/2] [RFC] Simple tamper-proof device filesystem. Tetsuo Handa
- [patch 1/2] [RFC] Simple tamper-proof device filesyste... Tetsuo Handa
- Re: [patch 1/2] [RFC] Simple tamper-proof device f... David Newall
- Re: [patch 1/2] [RFC] Simple tamper-proof devi... Tetsuo Handa
- Re: [patch 1/2] [RFC] Simple tamper-proof ... David Newall
- Re: [patch 1/2] [RFC] Simple tamper-p... Tetsuo Handa
- Re: [patch 1/2] [RFC] Simple tamp... David Newall
- Re: [patch 1/2] [RFC] Simple ... Tetsuo Handa
- Re: [patch 1/2] [RFC] Simple ... Tetsuo Handa
- Re: [patch 1/2] [RFC] Simple ... David Newall
- Re: [patch 1/2] [RFC] Simple ... AstralStorm
- Re: [patch 1/2] [RFC] Simple ... Indan Zupancic
- Re: [patch 1/2] [RFC] Simple ... Al Viro
- Re: [patch 1/2] [RFC] Simple ... Tetsuo Handa
- Re: [patch 1/2] [RFC] Simple ... Indan Zupancic
- Re: [patch 1/2] [RFC] Simple ... Tetsuo Handa
- Re: [patch 1/2] [RFC] Simple ... Al Boldi
- Re: [patch 1/2] [RFC] Simple ... Tetsuo Handa
- Re: [patch 1/2] [RFC] Simple ... AstralStorm