From mboxrd@z Thu Jan 1 00:00:00 1970
From: Joshua Brindle
Subject: Re: [AppArmor 39/45] AppArmor: Profile loading and manipulation, pathname matching
Date: Thu, 21 Jun 2007 20:16:25 -0400
Message-ID: <467B14D9.8050000@manicmethod.com>
References: <20070615200623.GA2616@elf.ucw.cz> <20070615211157.GB7337@kroah.com> <46732124.80509@novell.com> <20070616000251.GG2616@elf.ucw.cz> <20070621160840.GA20105@marowsky-bree.de> <20070621183311.GC18990@elf.ucw.cz> <20070621192407.GF20105@marowsky-bree.de> <20070621195400.GK20105@marowsky-bree.de> <1182459594.20464.16.camel@moss-spartans.epoch.ncsc.mil> <20070621211743.GN20105@marowsky-bree.de>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: Stephen Smalley, James Morris, Pavel Machek, Crispin Cowan, Greg KH, Andreas Gruenbacher, jjohansen@suse.de, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, linux-fsdevel@vger.kernel.org
To: Lars Marowsky-Bree
Return-path:
Received: from exchange.columbia.tresys.com ([216.250.243.126]:3057 "HELO exchange.columbia.tresys.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with SMTP id S1751660AbXFVAQc (ORCPT ); Thu, 21 Jun 2007 20:16:32 -0400
In-Reply-To: <20070621211743.GN20105@marowsky-bree.de>
Sender: linux-fsdevel-owner@vger.kernel.org
List-Id: linux-fsdevel.vger.kernel.org

Lars Marowsky-Bree wrote:
> On 2007-06-21T16:59:54, Stephen Smalley wrote:
>
>> Um, no. It might not be able to directly open files via that path, but
>> showing that it can never read or write your mail is a rather different
>> matter.
>
> Yes. Your use case is different than mine.

So.. your use case is what? If an AA user asked you to protect his mail
from his browser I'm sure you'd truthfully answer "no, we can't do that
but we can protect the path to your mail from your browser".. I think not.

One need only look at the wonderful marketing literature for AA to see what you are telling people it can do, and your above statement isn't consistent with that, sorry.