Re: [AppArmor 39/45] AppArmor: Profile loading and manipulation, pathname matching

On Fri, 15 Jun 2007, Greg KH wrote:

Usually you don't do that by doing a 'mv' otherwise you are almost
guaranteed stale and mixed up content for some period of time, not to
mention the issues surrounding paths that might be messed up.


 on the contrary, useing 'mv' is by far the cleanest way to do this.

 mv htdocs htdocs.old;mv htdocs.new htdocs

 this makes two atomic changes to the filesystem, but can generate thousands
 to millions of permission changes as a result.


I agree, and yet, somehow, SELinux today handles this just fine, right?
:)

no it doesn't, SELinux as-is should take no action when the above commandis run, but SELinux implementing path-based permissions will have torelabel every file or directory in both trees.

Let's worry about speed issues later on when a working implementation is
produced, I'm still looking for the logical reason a system like this
can not work properly based on the expected AA interface to users.

if you are willing to live with the race conditions from the slow(re)labeling and write the software to scan the entire system to figureout the right policies (and then use inotify to watch the entire systemfor changes and (re)label the appropriate files) and accept that you can'tget any granular security for filesystems that don't nativly support ityou could make SELinux behave like AA.

but why should they be required to? are you saying that the LSM hooks arenot a valid API and should be removed with all future security modulesbeing based on SELinux?


David Lang
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Follow-Ups:
- Re: [AppArmor 39/45] AppArmor: Profile loading and manipulation, pathname matching
  - From: Greg KH <[email protected]>

References:
- [AppArmor 00/45] AppArmor security module overview
  - From: [email protected]
- Re: [AppArmor 39/45] AppArmor: Profile loading and manipulation, pathname matching
  - From: Andreas Gruenbacher <[email protected]>
- Re: [AppArmor 39/45] AppArmor: Profile loading and manipulation, pathname matching
  - From: Greg KH <[email protected]>
- Re: [AppArmor 39/45] AppArmor: Profile loading and manipulation, pathname matching
  - From: Crispin Cowan <[email protected]>
- Re: [AppArmor 39/45] AppArmor: Profile loading and manipulation, pathname matching
  - From: Greg KH <[email protected]>
- Re: [AppArmor 39/45] AppArmor: Profile loading and manipulation, pathname matching
  - From: Pavel Machek <[email protected]>
- Re: [AppArmor 39/45] AppArmor: Profile loading and manipulation, pathname matching
  - From: Greg KH <[email protected]>
- Re: [AppArmor 39/45] AppArmor: Profile loading and manipulation, pathname matching
  - From: Crispin Cowan <[email protected]>
- Re: [AppArmor 39/45] AppArmor: Profile loading and manipulation, pathname matching
  - From: Greg KH <[email protected]>
- Re: [AppArmor 39/45] AppArmor: Profile loading and manipulation, pathname matching
  - From: [email protected]
- Re: [AppArmor 39/45] AppArmor: Profile loading and manipulation, pathname matching
  - From: Greg KH <[email protected]>

Prev by Date: Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
Next by Date: Re: Versioning file system
Previous by thread: Re: [AppArmor 39/45] AppArmor: Profile loading and manipulation, pathname matching
Next by thread: Re: [AppArmor 39/45] AppArmor: Profile loading and manipulation, pathname matching
Index(es):
- Date
- Thread

[Index of Archives] [Kernel Newbies] [Netfilter] [Bugtraq] [Photo] [Stuff] [Gimp] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Video 4 Linux] [Linux for the blind] [Linux Resources]