Re: [AppArmor 00/44] AppArmor security module overview

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Jun 26, 2007 at 07:47:00PM -0700, Andrew Morton wrote:
> On Tue, 26 Jun 2007 19:24:03 -0700 John Johansen <jjohansen@xxxxxxx> wrote:
> 
> > > 
> > > so...  where do we stand with this?  Fundamental, irreconcilable
> > > differences over the use of pathname-based security?
> > > 
> > There certainly seems to be some differences of opinion over the use
> > of pathname-based-security.
> 
> I was refreshed to have not been cc'ed on a lkml thread for once.  I guess
> it couldn't last.
> 
sorry about that

> Do you agree with the "irreconcilable" part?  I think I do.
> 
I will concede that this may be the case for some.  However I am still
hopeful (perhaps naive) that this isn't the case in general.

> I suspect that we're at the stage of having to decide between
> 
> a) set aside the technical issues and grudgingly merge this stuff as a
>    service to Suse and to their users (both of which entities are very
>    important to us) and leave it all as an object lesson in
>    how-not-to-develop-kernel-features.
> 
>    Minimisation of the impact on the rest of the kernel is of course
>    very important here.
Agreed, and I hope any changes that are made are for the benefit
of the kernel in general and will find uses in other parts.

> 
> versus
> 
> b) leave it out and require that Suse wear the permanent cost and
>    quality impact of maintaining it out-of-tree.  It will still be an
>    object lesson in how-not-to-develop-kernel-features.
> 
> Sigh.  Please don't put us in this position again.  Get stuff upstream
> before shipping it to customers, OK?  It ain't rocket science.
> 
Indeed, I can only appologize for the past, and offer reassurances
that we intend to do our best to do, it right going forward.

> > > Are there any other sticking points?
> > > 
> > > 
> > The conditional passing of the vfsmnt mount in the vfs, as done in this
> > patch series, has received a NAK.  This problem results from NFS passing
> > a NULL nameidata into the vfs.  We have a second patch series that we
> > have posted for discussion that addresses this by splitting the nameidata
> > struct.
> > Message-Id: <20070626231510.883881222@xxxxxxx>
> > Subject: [RFD 0/4] AppArmor - Don't pass NULL nameidata to
> > vfs_create/lookup/permission IOPs
> > 
> > other issues that have been raised are:
> > - AppArmor does not currently mediate IPC and network communications.
> >   Mediation of these is a wip
> > - the use of d_path to generate the pathname used for mediation when a
> >   file is opened.
> >   - Generating the pathname using a reverse walk is considered ugly
> >   - A buffer is alloced to store the generated path name.
> >   - The  buffer size has a configurable upper limit which will cause
> >     opens to fail if the pathname length exceeds this limit.  This
> >     is a fail closed behavior.
> >   - there have been some concerns expressed about the performance
> >     of this approach
> >   We are evaluating our options on how best to address this issue.
> 
> OK, useful summary, thanks.  I'd encourage you to proceed apace.

thankyou

Attachment: pgpyJYsAVheDm.pgp
Description: PGP signature


[Index of Archives]     [Linux Ext4 Filesystem]     [Union Filesystem]     [Filesystem Testing]     [Ceph Users]     [Ecryptfs]     [AutoFS]     [Kernel Newbies]     [Share Photos]     [Security]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux Cachefs]     [Reiser Filesystem]     [Linux RAID]     [Samba]     [Device Mapper]     [CEPH Development]
  Powered by Linux