From mboxrd@z Thu Jan 1 00:00:00 1970
From: James Morris
Subject: Re: AppArmor FAQ
Date: Tue, 17 Apr 2007 13:47:39 -0400 (EDT)
Message-ID:
References: <20070416213350.GB4030@suse.de> <1176822230.3366.65.camel@localhost.localdomain> <1176825641.5946.41.camel@localhost.localdomain>
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Cc: Karl MacMillan , David Safford , John Johansen , linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, linux-fsdevel@vger.kernel.org
To: Andi Kleen
Return-path:
Received: from mail7.sea5.speakeasy.net ([69.17.117.9]:41824 "EHLO mail7.sea5.speakeasy.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1161257AbXDQRro (ORCPT ); Tue, 17 Apr 2007 13:47:44 -0400
In-Reply-To:
Sender: linux-fsdevel-owner@vger.kernel.org
List-Id: linux-fsdevel.vger.kernel.org

On Tue, 17 Apr 2007, Andi Kleen wrote:

> You nicely show one of the major disadvantages of the label model vs the path
> model here: it requires modification of a lot of applications.

This is incorrect.

Normal applications need zero modification under SELinux. Some applications which manage security may need to be made SELinux-aware, although this can often be done with PAM plugins, which is a standard way to do this kind of thing in modern Unix & Linux OSs.

In any case, it has never been unusual for security-critical Unix/Linux apps to be aware of extra security frameworks, and conditionally utilize things like kerberos, tcpwrappers, SSL, skey etc.

Also, there's nothing inherent in pathname labeling vs. object labeling which makes one model require modification of applications more than the other. You're taking one implementation of each and extrapolating to the general case, without even taking into consideration that the modifications only refer to security-management functions.

Also, in terms of implementation, these security schemes are quite different in their coverage and features, so it's an apples vs. oranges comparison anyway.

Thanks,

- James
--
James Morris