Return-Path: <linux-kernel-owner+w=401wt.eu-S1756212AbXKJXyc@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1756212AbXKJXyc (ORCPT <rfc822;w@1wt.eu>);
	Sat, 10 Nov 2007 18:54:32 -0500
Received: (majordomo@vger.kernel.org) by vger.kernel.org id S1755433AbXKJXyX
	(ORCPT <rfc822;linux-kernel-outgoing>);
	Sat, 10 Nov 2007 18:54:23 -0500
Received: from outpipe-village-512-1.bc.nu ([81.2.110.250]:34278 "EHLO
	the-village.bc.nu" rhost-flags-OK-FAIL-OK-FAIL) by vger.kernel.org
	with ESMTP id S1755415AbXKJXyW (ORCPT
	<rfc822;linux-kernel@vger.kernel.org>);
	Sat, 10 Nov 2007 18:54:22 -0500
Date: Sat, 10 Nov 2007 23:54:05 +0000
From: Alan Cox <alan@lxorguk.ukuu.org.uk>
To: Crispin Cowan <crispin@crispincowan.com>
Cc: "Dr. David Alan Gilbert" <linux@treblig.org>,
       Arjan van de Ven <arjan@infradead.org>,
       Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
       LSM ML <linux-security-module@vger.kernel.org>,
       apparmor-dev <apparmor-dev@forge.novell.com>
Subject: Re: AppArmor Security Goal
Message-ID: <20071110235405.35381b7e@the-village.bc.nu>
In-Reply-To: <47363B44.4040100@crispincowan.com>
References: <473380AD.5070801@crispincowan.com>
	<20071110220455.GB24195@gallifrey>
	<47362C7C.2050202@crispincowan.com>
	<20071110222414.GC24195@gallifrey>
	<47363381.4030103@crispincowan.com>
	<20071110225755.5dd9b52b@the-village.bc.nu>
	<47363B44.4040100@crispincowan.com>
X-Mailer: Claws Mail 2.10.0 (GTK+ 2.10.14; i386-redhat-linux-gnu)
Organization: Red Hat UK Cyf., Amberley Place, 107-111 Peascod Street,
 Windsor, Berkshire, SL4 1TE, Y Deyrnas Gyfunol. Cofrestrwyd yng Nghymru a
 Lloegr o'r rhif cofrestru 3798903
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 838
Lines: 18

> I submit that the AppArmor model is valid, even if it totally failed all
> of David Gilbert's questions (I think AppArmor can actually provide
> about half of what he asked for).

The model looks valid. I have difficulty constructing many scenarios
where its useful but it appears valid providing you can tightly control
file renaming, which is very very questionable.

There are also some very awkward path based issues around shared file
objects (your controlling tty and TIOCSTI for one) that I need to look at
the code for once the VFS stuff is sorted and its likely to get merged.

Alan
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/