On Tue, Jun 26, 2007 at 07:47:00PM -0700, Andrew Morton wrote: > On Tue, 26 Jun 2007 19:24:03 -0700 John Johansen <[email protected]> wrote: > > > > > > > so... where do we stand with this? Fundamental, irreconcilable > > > differences over the use of pathname-based security? > > > > > There certainly seems to be some differences of opinion over the use > > of pathname-based-security. > > I was refreshed to have not been cc'ed on a lkml thread for once. I guess > it couldn't last. > sorry about that > Do you agree with the "irreconcilable" part? I think I do. > I will concede that this may be the case for some. However I am still hopeful (perhaps naive) that this isn't the case in general. > I suspect that we're at the stage of having to decide between > > a) set aside the technical issues and grudgingly merge this stuff as a > service to Suse and to their users (both of which entities are very > important to us) and leave it all as an object lesson in > how-not-to-develop-kernel-features. > > Minimisation of the impact on the rest of the kernel is of course > very important here. Agreed, and I hope any changes that are made are for the benefit of the kernel in general and will find uses in other parts. > > versus > > b) leave it out and require that Suse wear the permanent cost and > quality impact of maintaining it out-of-tree. It will still be an > object lesson in how-not-to-develop-kernel-features. > > Sigh. Please don't put us in this position again. Get stuff upstream > before shipping it to customers, OK? It ain't rocket science. > Indeed, I can only appologize for the past, and offer reassurances that we intend to do our best to do, it right going forward. > > > Are there any other sticking points? > > > > > > > > The conditional passing of the vfsmnt mount in the vfs, as done in this > > patch series, has received a NAK. This problem results from NFS passing > > a NULL nameidata into the vfs. We have a second patch series that we > > have posted for discussion that addresses this by splitting the nameidata > > struct. > > Message-Id: <[email protected]> > > Subject: [RFD 0/4] AppArmor - Don't pass NULL nameidata to > > vfs_create/lookup/permission IOPs > > > > other issues that have been raised are: > > - AppArmor does not currently mediate IPC and network communications. > > Mediation of these is a wip > > - the use of d_path to generate the pathname used for mediation when a > > file is opened. > > - Generating the pathname using a reverse walk is considered ugly > > - A buffer is alloced to store the generated path name. > > - The buffer size has a configurable upper limit which will cause > > opens to fail if the pathname length exceeds this limit. This > > is a fail closed behavior. > > - there have been some concerns expressed about the performance > > of this approach > > We are evaluating our options on how best to address this issue. > > OK, useful summary, thanks. I'd encourage you to proceed apace. thankyou
Attachment:
pgpWkKLDYIoR8.pgp
Description: PGP signature
- References:
- [AppArmor 00/44] AppArmor security module overview
- From: [email protected]
- Re: [AppArmor 00/44] AppArmor security module overview
- From: Andrew Morton <[email protected]>
- Re: [AppArmor 00/44] AppArmor security module overview
- From: John Johansen <[email protected]>
- Re: [AppArmor 00/44] AppArmor security module overview
- From: Andrew Morton <[email protected]>
- [AppArmor 00/44] AppArmor security module overview
- Prev by Date: Re: [xfs-masters] Re: [BUG] Lockdep warning with XFS on 2.6.22-rc6
- Next by Date: Re: [PATCH] HPT374 is UDMA100 not UDMA133
- Previous by thread: Re: [AppArmor 00/44] AppArmor security module overview
- Next by thread: Re: [AppArmor 00/44] AppArmor security module overview
- Index(es):
 |