From mboxrd@z Thu Jan  1 00:00:00 1970
From: James Morris <jmorris@namei.org>
Subject: Re: [AppArmor 01/41] Pass struct vfsmount to the inode_create LSM
 hook
Date: Sat, 26 May 2007 14:41:22 -0400 (EDT)
Message-ID: <Line.LNX.4.64.0705261439590.23020@d.namei>
References: <312681.33492.qm@web36609.mail.mud.yahoo.com> <4657C547.6030506@novell.com>
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Cc: casey@schaufler-ca.com, Andreas Gruenbacher <agruen@suse.de>,
	Jeremy Maitin-Shepard <jbms@cmu.edu>,
	linux-kernel@vger.kernel.org,
	linux-security-module@vger.kernel.org,
	linux-fsdevel@vger.kernel.org
To: Crispin Cowan <crispin@novell.com>
Return-path: <linux-fsdevel-owner@vger.kernel.org>
Received: from mail7.sea5.speakeasy.net ([69.17.117.9]:45165 "EHLO
	mail7.sea5.speakeasy.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1762909AbXEZSlY (ORCPT
	<rfc822;linux-fsdevel@vger.kernel.org>);
	Sat, 26 May 2007 14:41:24 -0400
In-Reply-To: <4657C547.6030506@novell.com>
Sender: linux-fsdevel-owner@vger.kernel.org
List-Id: linux-fsdevel.vger.kernel.org

On Fri, 25 May 2007, Crispin Cowan wrote:

> Finally, AA doesn't care what the contents of the executable are. We
> assume that it is a copy of metasploit or something, and confine it to
> access only the resources that the policy says.

As long as these resources are only files.  There is no confinement beyond 
that.


- James
-- 
James Morris
<jmorris@namei.org>