From: "Justin P. Mattock" <justinmattock@gmail.com>
To: Daniel Phillips <phillips@phunq.net>
Cc: tux3@tux3.org, linux-fsdevel@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: Re: [Tux3] Tux3 report: A Golden Copy
Date: Fri, 02 Jan 2009 19:39:48 -0800 [thread overview]
Message-ID: <495EDE04.5080703@gmail.com> (raw)
In-Reply-To: <200901021903.24189.phillips@phunq.net>
Daniel Phillips wrote:
> On Friday 02 January 2009 17:32, Justin P. Mattock wrote:
>
>> Daniel Phillips wrote:
>>
>>> On Friday 02 January 2009 15:11, Justin P. Mattock wrote:
>>>
>>>
>>>> The game that came to mind when I first
>>>> heard of tux3(I had to google a bit to find the name)
>>>> was tux racer. :^)
>>>> quick question:
>>>> what is the state for security file labeling for
>>>> SELinux on this filesystem?
>>>>
>>> There is a lot of interest in security labels. You are not the first
>>> to ask.
>>>
>>> Tux3 variable inode attributes are ideal for implementing security
>>> labels efficiently, way more lightweight than extended attributes.
>>> Otherwise, we would like to know exactly what people want.
>>>
>>> Regards,
>>>
>>> Daniel
>>>
>>>
>> thats probably one of the main areas of
>> interest that I have in filesystems,
>> the ability to run a policy etc..
>> As for what people want, thats tough
>> to say, my guess would be file corruption,
>> then probably security etc..
>>
>
> I meant, what do people specifically want in security. For SELinux,
> probably the most important issue is efficient extended attribute
> support, which Tux3 has a pretty good start on:
>
> http://lwn.net/Articles/300416/
> Tux3 gets a high speed atom smasher
>
>
Thats some crazy stuff!! and just think most of it is
simply magnets.(but more complicated than that)
> One feature we are kicking around to make life easier for SELinux:
> sometimes the filesystem can run while SELinux is not running, and
> security labels will be wrong when SELinux re-enters the picture. We
> have in mind to provide a persistent log of filesystem events that the
> security system can attach to on startup and find out what went on in
> its absence.
>
>
That sounds nice:
find out what went on in
its absence.
> And it might be nice to provide direct access to Tux3's variable inode
> attributes as I mentioned, letting the security system bypass the
> heavyweight xattr paths. My thinking is, the more direct the security
> path, the more likely it is to be secure, and the less overhead it has,
> the more likely people are to use it. Somebody might want to play with
> this idea and see if it makes a difference.
That makes sense:
the more direct the security
path, the more likely it is to be secure, and the less overhead it has,
> Of course, these features are secondary to base filesystem solidity,
> which will be the main focus for the next little while, but now is the
> time to talk about what you want, in case the design can be adjusted to
> make it more practical.
>
> More security wishes go here: ->[___________________]<-
>
> Regards,
>
> Daniel
>
>
I guess the most simplest wish would to make sure that tux3
does support SELinux, this way people have more options,
to work with.(Then worry about everything else later);
One of the main problems I have with osx and winxp
is the missing of such options(I feel naked without SELinux);
regards;
Justin P. Mattock
next prev parent reply other threads:[~2009-01-03 3:40 UTC|newest]
Thread overview: 37+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-12-31 3:35 Tux3 report: A Golden Copy Daniel Phillips
2008-12-31 3:35 ` Daniel Phillips
2008-12-31 7:34 ` sniper
2008-12-31 8:00 ` [Tux3] " Daniel Phillips
2008-12-31 8:14 ` Justin P. Mattock
2008-12-31 10:09 ` Martin Steigerwald
2008-12-31 17:41 ` Justin P. Mattock
2008-12-31 17:41 ` Justin P. Mattock
2009-01-02 20:17 ` [Tux3] " Martin Steigerwald
2009-01-02 20:36 ` Justin P. Mattock
2009-01-02 20:36 ` Justin P. Mattock
2009-01-02 22:45 ` [Tux3] " Daniel Phillips
2009-01-02 23:11 ` Justin P. Mattock
2009-01-03 1:19 ` Daniel Phillips
2009-01-03 1:19 ` Daniel Phillips
2009-01-03 1:32 ` [Tux3] " Justin P. Mattock
2009-01-03 1:32 ` Justin P. Mattock
2009-01-03 3:03 ` [Tux3] " Daniel Phillips
2009-01-03 3:39 ` Justin P. Mattock [this message]
2009-01-04 3:17 ` Jamie Lokier
2009-01-04 4:15 ` Daniel Phillips
2009-01-04 4:29 ` Justin P. Mattock
2009-01-04 13:04 ` Theodore Tso
2009-01-05 1:10 ` Daniel Phillips
2009-01-05 2:13 ` Jamie Lokier
2009-01-08 2:50 ` Daniel Phillips
2009-01-08 4:38 ` Evgeniy Polyakov
2008-12-31 8:16 ` sniper
2008-12-31 8:31 ` Dave Chinner
2008-12-31 9:40 ` Daniel Phillips
2008-12-31 14:26 ` Andi Kleen
2008-12-31 18:14 ` sniper
2008-12-31 18:18 ` sniper
2008-12-31 18:18 ` sniper
2009-01-01 9:56 ` [Tux3] " Daniel Phillips
2009-01-01 14:46 ` Daniel Phillips
2009-01-01 23:58 ` Dave Chinner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=495EDE04.5080703@gmail.com \
--to=justinmattock@gmail.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=phillips@phunq.net \
--cc=tux3@tux3.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.