Hello.
Serge E. Hallyn wrote:
> > > > * namespace manipulation. (i.e. mount()/umount()/pivot_root())
> > >
> > > do you track mounts namespace cloning?
> > >
> > Yes. TOMOYO can recognize mount operation with the following flags.
> >
> > --bind --move --remount
> > --make-unbindable --mak
On Fri, 28 Dec 2007 15:16:35 +0900 KaiGai Kohei wrote:
> kernel/cap_names.sh generates the body of cap_entries[] array,
> and it is invoked when we make the kernel.
>
> Signed-off-by: KaiGai Kohei <[EMAIL PROTECTED]>
> ---
> Makefile |9 +++
> cap_names.sh | 21
>
--- Jan Engelhardt <[EMAIL PROTECTED]> wrote:
>
> On Dec 26 2007 16:29, Andrew Morgan wrote:
> >>
> >> I'm assuming it's unintended - or rather it's harmless but has no use -
> >> but will let Andrew respond since he may have some cool idea I haven't
> >> thought of.
> >
> >This is not intended
On Fri, 28 Dec 2007 23:32:09 +0900, Tetsuo Handa said:
> You can run your system with only policy collected by learning mode.
> Thus, you basically don't need manual intervention.
> But since there are randomly named files (i.e. temporary files),
> you pay a little time to modify policy.
>
> The
Quoting Tetsuo Handa ([EMAIL PROTECTED]):
> Hello.
>
>
> Serge E. Hallyn wrote:
> > Auto-learning in itself doesn't seem novel, but so you're saying it's
> > novel in just how integrated it is - no manual intervention necessary?
>
> You can run your system with only policy collected by learning mo
Hello.
Serge E. Hallyn wrote:
> Auto-learning in itself doesn't seem novel, but so you're saying it's
> novel in just how integrated it is - no manual intervention necessary?
You can run your system with only policy collected by learning mode.
Thus, you basically don't need manual intervention.
Bu
On Wed, 26 Dec 2007 18:06:53 -0600
"Serge E. Hallyn" <[EMAIL PROTECTED]> wrote:
> Quoting Chris Friedhoff ([EMAIL PROTECTED]):
> > Hello,
> >
> > in updating the documentation http://www.friedhoff.org/posixfilecaps.html
> > I noticed a change in the behavior.
> >
> > There was the behavior, when
On Fri, 28 Dec 2007, KaiGai Kohei wrote:
> Remaining issues:
> - We have to mount securityfs explicitly, or use /etc/fstab.
> It can cause a matter when we want to use this feature on
> very early phase on boot. (like /sbin/init)
Why can't early userspace itself mount securityfs?
I'm not eve