Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1759810AbXFZXwY (ORCPT ); Tue, 26 Jun 2007 19:52:24 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S1757374AbXFZXwN (ORCPT ); Tue, 26 Jun 2007 19:52:13 -0400 Received: from smtp2.linux-foundation.org ([207.189.120.14]:36777 "EHLO smtp2.linux-foundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754191AbXFZXwM (ORCPT ); Tue, 26 Jun 2007 19:52:12 -0400 Date: Tue, 26 Jun 2007 16:52:02 -0700 From: Andrew Morton To: jjohansen@suse.de Cc: linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, linux-fsdevel@vger.kernel.org Subject: Re: [AppArmor 00/44] AppArmor security module overview Message-Id: <20070626165202.bfe8e6df.akpm@linux-foundation.org> In-Reply-To: <20070626230756.519733902@suse.de> References: <20070626230756.519733902@suse.de> X-Mailer: Sylpheed version 2.2.7 (GTK+ 2.8.6; i686-pc-linux-gnu) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 3239 Lines: 78 On Tue, 26 Jun 2007 16:07:56 -0700 jjohansen@suse.de wrote: > This post contains patches to include the AppArmor application security > framework, with request for inclusion into -mm for wider testing. Patches 24 and 31 didn't come through. Rolled-up diffstat (excluding 24&31): fs/attr.c | 7 fs/dcache.c | 181 ++- fs/ecryptfs/inode.c | 41 fs/exec.c | 3 fs/fat/file.c | 2 fs/hpfs/namei.c | 2 fs/namei.c | 115 +- fs/nfsd/nfs4recover.c | 7 fs/nfsd/nfs4xdr.c | 2 fs/nfsd/vfs.c | 89 + fs/ntfs/file.c | 2 fs/open.c | 50 fs/reiserfs/file.c | 2 fs/reiserfs/xattr.c | 8 fs/splice.c | 4 fs/stat.c | 2 fs/sysfs/file.c | 2 fs/utimes.c | 11 fs/xattr.c | 75 - fs/xfs/linux-2.6/xfs_lrw.c | 2 include/linux/audit.h | 12 include/linux/fs.h | 27 include/linux/nfsd/nfsd.h | 3 include/linux/security.h | 182 ++- include/linux/sysctl.h | 2 include/linux/xattr.h | 11 ipc/mqueue.c | 2 kernel/audit.c | 6 kernel/sysctl.c | 27 mm/filemap.c | 12 mm/filemap_xip.c | 2 mm/shmem.c | 2 mm/tiny-shmem.c | 2 net/unix/af_unix.c | 2 security/Kconfig | 1 security/Makefile | 1 security/apparmor/Kconfig | 10 security/apparmor/Makefile | 13 security/apparmor/apparmor.h | 265 +++++ security/apparmor/apparmorfs.c | 252 +++++ security/apparmor/inline.h | 211 ++++ security/apparmor/list.c | 94 + security/apparmor/locking.txt | 68 + security/apparmor/lsm.c | 817 ++++++++++++++++ security/apparmor/main.c | 1255 +++++++++++++++++++++++++ security/apparmor/match.c | 248 ++++ security/apparmor/match.h | 83 + security/apparmor/module_interface.c | 589 +++++++++++ security/apparmor/procattr.c | 155 +++ security/commoncap.c | 7 security/dummy.c | 43 security/selinux/hooks.c | 94 - 52 files changed, 4701 insertions(+), 404 deletions(-) which seems OK. so... where do we stand with this? Fundamental, irreconcilable differences over the use of pathname-based security? Are there any other sticking points? - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/