On Wed, 2008-04-09 at 07:11 -0600, Matthew Wilcox wrote:
> On Wed, Apr 09, 2008 at 05:37:38PM +0900, Toshiharu Harada wrote:
> > LWN article 239962 says, "At the 2006 summit, Linus took a clear
> > position that the use of pathnames for security policies seemed
> > reasonable to him". Current LSM implementation is sufficient for SELinux
> > and other label based MACs but not for pathname-based MACs.
> > This has been argued in the AppArmor thread for quite a long time.
> > Though proposals had been posted by AppArmor and TOMOYO Linux project,
> > none has been merged until now.
>
> How about an approach which doesn't require the vfsmount to be passed
> down?
>
> When the rule is put in place, say "No modifications to /etc/passwd",
> look up the inode and major:minor of /etc/passwd. If there's a rename,
> look up the new inode number. If it's mounted elsewhere, it doesn't
> matter, they still can't modify it because it has the same
> major:minor:inode.
>
> Is this workable?

Sounds similar to audit watches, e.g. see audit_add_watch() and
audit_handle_ievent(). That leverages inotify internally.

--
Stephen Smalley
National Security Agency
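The identity model Matthew proposes, keying a rule on major:minor plus inode rather than on a pathname, can be exercised from userspace with stat(). The script below is an added illustration, not code from the thread or from any LSM; it builds a scratch file in a temporary directory and checks how an inode-keyed rule behaves across a rename, a hard link, and a replace-by-rename, which is the case where the rule must re-resolve because a new inode appears under the old name.

```python
"""Inode-keyed rule as sketched in the thread: protect an object by its
(device, inode) pair instead of its pathname.  Added example; the file
names and contents below are constructed for the demonstration."""
import os
import tempfile


def file_identity(path):
    """Return the (device, inode) pair that names the on-disk object."""
    st = os.stat(path)
    return (st.st_dev, st.st_ino)


class InodeRule:
    """A 'no modifications' rule keyed on (dev, inode), not on a path."""

    def __init__(self, path):
        self.protected = file_identity(path)

    def covers(self, path):
        """True if PATH currently refers to the protected object, under any name."""
        try:
            return file_identity(path) == self.protected
        except FileNotFoundError:
            return False


def demo():
    """Exercise the rule across rename, hard link and replace-by-rename."""
    with tempfile.TemporaryDirectory() as d:
        target = os.path.join(d, "passwd")  # stand-in for /etc/passwd
        with open(target, "w") as f:
            f.write("root:x:0:0::/root:/bin/sh\n")
        rule = InodeRule(target)
        results = {}
        # 1. Rename: same inode, so the rule still covers the new name.
        renamed = os.path.join(d, "passwd.moved")
        os.rename(target, renamed)
        results["rename"] = rule.covers(renamed)
        # 2. Hard link: shares the inode, so it is covered too.
        linked = os.path.join(d, "passwd.link")
        os.link(renamed, linked)
        results["hardlink"] = rule.covers(linked)
        # 3. Replace-by-rename (how many editors save): a new inode now sits
        #    under the old name, so the inode-keyed rule no longer covers that
        #    path until the rule is re-resolved against it.
        fresh = os.path.join(d, "passwd.new")
        with open(fresh, "w") as f:
            f.write("root:x:0:0::/root:/bin/sh\n")
        os.rename(fresh, target)
        results["replaced_path"] = rule.covers(target)
        return results
```

Case 3 is the detail an inode-keyed policy has to handle explicitly: the rename Matthew mentions is only half of it, since the object under the protected name can also be swapped for a fresh inode.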