On 2007-06-21T16:59:54, Stephen Smalley <sds@xxxxxxxxxxxxx> wrote:
> Or can access the data under a different path to which their profile
> does give them access, whether in its final destination or in some
> temporary file processed along the way.
Well, yes. That is intentional.
Your point is?
> The emphasis on never modifying applications for security in AA likewise
> has an adverse impact here, as you will ultimately have to deal with
> application mediation of access to their own objects and operations not
> directly visible to the kernel (as we have already done in SELinux for
> D-BUS and others and are doing for X). Otherwise, your "protection" of
> desktop applications is easily subverted.
That is an interesting argument, but not what we're discussing here.
We're arguing filesystem access mediation.
> Um, no. It might not be able to directly open files via that path, but
> showing that it can never read or write your mail is a rather different
> matter.
Yes. Your use case is different than mine.
Regards,
Lars
--
Teamlead Kernel, SuSE Labs, Research and Development
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nürnberg)
"Experience is the name everyone gives to their mistakes." -- Oscar Wilde
-
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
