Re: [RFC][PATCH 0/11] security: AppArmor - Overview

From: Linda A. Walsh
Date: Thu Apr 20 2006 - 18:34:11 EST

Next message: Ram Pai: "[RFC PATCH 2/3] export symbol report: export-symbol usage report generator."
Previous message: Lukasz Stelmach: "unix socket connection tracking"
In reply to: Christoph Hellwig: "Re: [RFC][PATCH 0/11] security: AppArmor - Overview"
Next in thread: Stephen Smalley: "Re: [RFC][PATCH 0/11] security: AppArmor - Overview"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Andi Kleen wrote:

Anyways, I guess the bigger issue is with hard links anyways
(Chris gave a long list of other ways to get aliases in path names
earlier). Discussing those might be much more fruitful.

Can't speak to a list I haven't seen, but hard links are not
a problem. Hard links can only be used within a volume. Simply
place all your allowed executables on one partition/volume. Perhaps it is mounted read/only from a DVD or over an NFS share.
Hard links become a non problem if users can't write to the volume
that the files reside on.

Linda

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Ram Pai: "[RFC PATCH 2/3] export symbol report: export-symbol usage report generator."
Previous message: Lukasz Stelmach: "unix socket connection tracking"
In reply to: Christoph Hellwig: "Re: [RFC][PATCH 0/11] security: AppArmor - Overview"
Next in thread: Stephen Smalley: "Re: [RFC][PATCH 0/11] security: AppArmor - Overview"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]