From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1756097Ab0CIAQS (ORCPT ); Mon, 8 Mar 2010 19:16:18 -0500 Received: from zeniv.linux.org.uk ([195.92.253.2]:45703 "EHLO ZenIV.linux.org.uk" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753884Ab0CIAQP (ORCPT ); Mon, 8 Mar 2010 19:16:15 -0500 Date: Tue, 9 Mar 2010 00:15:54 +0000 From: Al Viro To: Linus Torvalds Cc: Rik van Riel , Alan Cox , Ingo Molnar , James Morris , linux-kernel@vger.kernel.org, Kyle McMartin , Alexander Viro Subject: Re: Upstream first policy Message-ID: <20100309001554.GP30031@ZenIV.linux.org.uk> References: <20100308094647.GA14268@elte.hu> <20100308173008.7ae389ab@lxorguk.ukuu.org.uk> <4B9585BD.6070904@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.20 (2009-08-17) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Mar 08, 2010 at 03:37:38PM -0800, Linus Torvalds wrote: > Of course, you can make /etc unwritable, and that is indeed the > traditional UNIX model of handling namespace security: by just > implementing it as "content security" of the directory. > > The sgid and sticky bits can be used to further try to make it more > fine-grained (exactly becuase it is _not_ sufficient to say "you can't > read or write this directory" on a whole-directory basis), and obviously > SELinux has extensions of its own too. But that's not what the apparmor et.al. are doing. If you want (and that's not obviously a good thing) fine-grained access control for directory entries, it would at least make some sense. Prohibitively pricy, probably, but that's a separate story. But they are *NOT* protecting /foo/bar directory entry when you want to protect /foo/bar/baz/barf; it doesn't go up towards root. And if you *do* protect each ancestor and try to keep granularity, you'll end up with complexity from hell.