Re: AppArmor FAQ — Linux Kernel

On Wed, 18 Apr 2007, Crispin Cowan wrote:

Please explain why labels are necessary for effective confinement. Many
systems besides AppArmor have used non-label schemes for effective
confinement: TRON, Janus, LIDS, Systrace, BSD Jail, EROS, PSOS, KeyOS,
AS400, to name just a few. This claim seems bogus. Labels may be your
method of choice for confinement, but they are far from the only way.

One problem with AppArmor and Janus and Systrace and everything else thatrelies on pathname resolution is the point where they do the pathnameresolution.

If you read the janus, systrace, subdomain (apparmor's predecssor?)papers, you'll see how they have to jump through hoops to handle thingslike symlinks, when there's no fundamental reason why they have to.

If one simply worked at the FS level, all one cares about is lookup() andpermission. You have a set of rules that lookup() is able to use todynamically tag dentries and permission() then checks that tag. Onedoesn't jump through hoops anymore.

So, while I sound like a broken record, something like a stackable filesystem works wonders here (I know, I implemented one). Now, stackablefile systems aren't perfect here (mount point crossing, additional mountedfile systems on top of the stackable file system) can cause problems,overall it seems like a cleaner solution.

Another option would be if the LSM could be extended to allow a simplemethod of storing "private" data along with every dentry/inode (the mainreason one needs a stackable file system). In this way, if the lookup()oepration was extended to be able to take a function that filled in thatdata and permission() was able to be extended to take a function thatcould use that data, one wouldn't even need a stackable file system, butone would still be operating at the simplest layer (which is the filesystem).

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

References:
- Re: AppArmor FAQ
  - From: Andi Kleen <andi@firstfloor.org>
- Re: AppArmor FAQ
  - From: Casey Schaufler <casey@schaufler-ca.com>
- Re: AppArmor FAQ
  - From: Andi Kleen <andi@firstfloor.org>
- Re: AppArmor FAQ
  - From: Alan Cox <alan@lxorguk.ukuu.org.uk>
- Re: AppArmor FAQ
  - From: James Morris <jmorris@namei.org>
- Re: AppArmor FAQ
  - From: Crispin Cowan <crispin@novell.com>

Prev by Date: Re: [RFC 1/2] Input: ff, add FF_RAW effect
Next by Date: Re: [Announce] [patch] Modular Scheduler Core and Completely Fair Scheduler [CFS]
Previous by thread: Re: AppArmor FAQ
Next by thread: Re: AppArmor FAQ
Index(es):
- Date
- Thread

[Index of Archives] [Kernel Newbies] [Netfilter] [Bugtraq] [Photo] [Stuff] [Gimp] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Video 4 Linux] [Linux for the blind] [Linux Resources]