On Wed, 23 May 2007, Andreas Gruenbacher wrote: > This is backwards from what AppArmor does. The policy defines which paths may > be accessed; all paths not explicitly listed are denied. If files are mounted > at multiple locations, then the policy may allow access to some locations but > not to others. That's not a hole. I don't know what else you'd call it. Would you mind providing some concrete examples of how such a model would be useful? - James -- James Morris <jmorris@xxxxxxxxx> - To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
