From: Toshiharu Harada <haradats@nttdata.co.jp>
To: Christoph Hellwig <hch@infradead.org>,
Kentaro Takeda <takedakn@nttdata.co.jp>,
linux-kernel@vger.kernel.org,
linux-security-module@vger.kernel.org
Subject: Re: [TOMOYO 5/9] Memory and pathname management functions.
Date: Fri, 15 Jun 2007 10:19:42 +0900
Message-ID: <4671E92E.1030100@nttdata.co.jp>
In-Reply-To: <20070614173423.GB14771@infradead.org>

Christoph Hellwig wrote:
> On Thu, Jun 14, 2007 at 04:36:09PM +0900, Kentaro Takeda wrote:
>> We limit the maximum length of any string data (such as domainname and
>> pathnames) to TOMOYO_MAX_PATHNAME_LEN (which is 4000) bytes to fit within
>> a single page.
>>
>> Userland programs can obtain the amount of RAM currently used by TOMOYO
>> from /proc interface.
>
> Same NACK for this as for AppArmor, on exactly the same grounds. Please
> stop wasting your time on pathname-based non-solutions.

TOMOYO Linux is a pathname-based MAC, that is true.
But what that patch aimed for was sharing the idea of having
the Linux kernel keep "process invocation history" information
for each process. In that sense, TOMOYO Linux is just
a sample implementation.

Please take a look at the following message:
http://lkml.org/lkml/2007/6/13/58

Best regards,
Toshiharu Harada