From mboxrd@z Thu Jan 1 00:00:00 1970
From: "Toshiharu Harada"
Subject: Re: [AppArmor 01/41] Pass struct vfsmount to the inode_create LSM hook
Date: Sun, 27 May 2007 08:08:56 +0900
Message-ID: <9d732d950705261608j4bc72cd4s4378df9848101c84@mail.gmail.com>
References: <309300.41401.qm@web36615.mail.mud.yahoo.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: "Kyle Moffett" , casey@schaufler-ca.com, "Andreas Gruenbacher" , linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, linux-fsdevel@vger.kernel.org
To: "James Morris"
Return-path:
In-Reply-To:
Content-Disposition: inline
Sender: linux-security-module-owner@vger.kernel.org
List-Id: linux-fsdevel.vger.kernel.org

2007/5/27, James Morris :
> On Sat, 26 May 2007, Kyle Moffett wrote:
> > AppArmor). On the other hand, if you actually want to protect the _data_,
> > then tagging the _name_ is flawed; tag the *DATA* instead.
>
> Bingo.
>
> (This is how traditional Unix DAC has always functioned, and is what
> SELinux does: object labeling).

Object labeling (or labeled security) looks like a simple and straightforward way, but it's not.

(1) Object labeling has an assumption that labels are always properly defined and maintained. This cannot be easily achieved.

(2) Also, assigning a label is something like inventing and assigning a *new* name (label name) to objects, which can cause flaws.

I'm not saying labeled security or SELinux is wrong. I just wanted to remind you that the important part is the "process", not the "result". :-)

--
Toshiharu Harada
haradats@gmail.com