[apparmor] [RFC][PATCH 0/7] File descriptor labeling
Eric Paris
eparis at parisplace.org
Thu Apr 28 17:56:03 UTC 2011
On Thu, Apr 28, 2011 at 1:37 PM, Casey Schaufler <casey at schaufler-ca.com> wrote:
> On 4/28/2011 5:35 AM, Roberto Sassu wrote:
>> On Thursday, April 28, 2011 01:27:19 AM Tyler Hicks wrote:
>>> On Wed Apr 27, 2011 at 01:19:55PM -0700, Casey Schaufler <casey at schaufler-ca.com> wrote:
>>>> On 4/27/2011 5:34 AM, Roberto Sassu wrote:
> On this point I most strongly disagree.
Casey, I'm glad you're trying to figure out what's going on here
because I certainly don't understand all the problems!
If there were some mechanism by which the 'lower' inode could be ONLY
accessibly by ecyptfs kernel internals it oculd be marked IS_PRIVATE
and skip all security checks on it. Then you only have SELinux
security checks on the upper inode. Which seems to make sense. My
problem is that this is ONLY acceptable if there is no way for
userspace to directly reference the lower struct inode.
Just a thought.
-Eric
More information about the AppArmor
mailing list