Re: Upstream first policy

From: Rik van Riel
Date: Mon Mar 08 2010 - 18:19:32 EST


On 03/08/2010 01:08 PM, Linus Torvalds wrote:

> Things like "/etc/passwd" really are about the _pathname_, not the inode.
> It really is the _path_ that is special, because that is fundamentally the
> thing you trust.

On the other hand, '/etc/shadow' has the opposite constraint,
where the system will not trust most of the applications with
the data from that file.

Using label security to protect the contents makes sense there.

Your example appears to be about "can the application trust
the data?", while the label-based security solves "can the
application be trusted with the data?"

These are two different things.