From: Crispin Cowan <crispin@crispincowan.com>
To: david@lang.hm
Cc: "Dr. David Alan Gilbert" <linux@treblig.org>,
Arjan van de Ven <arjan@infradead.org>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
LSM ML <linux-security-module@vger.kernel.org>,
apparmor-dev <apparmor-dev@forge.novell.com>
Subject: Re: AppArmor Security Goal
Date: Mon, 12 Nov 2007 16:13:34 -0800
Message-ID: <4738EC2E.3030304@crispincowan.com>
In-Reply-To: <Pine.LNX.4.64.0711101546400.4780@asgard.lang.hm>
david@lang.hm wrote:
> a question for Crispin,
> is there a wildcard replacement for username? so that you could
> grant permission to /home/$user/.mozilla...... and grant each user
> access to only their own stuff? I realize that in this particular
> example the underlying DAC will handle it, but I can see other cases
> where people may want to have users more intermixed (say webserver
> files or directories for example)
This is possible, but tricky. There is no internal kernel data structure
for a UID's home dir. That is parsable at policy load time, so we could
enhance the language so that a rule of "~/.plan" expanded into a special
token that corresponded to some table of user home directories at the
time the policy was loaded. But that is racy, as it becomes invalid if
anyone's home dir moves, or any users are added or removed.
Another way to do it is what JJ posted: enhance the rule language so you
can have one rule for files that you own, and a different rule for files
owned by others. The AppArmor community (well, JJ and I :) are debating
the cost/benefit of this: is the added flexibility worth the added
complexity?
Crispin
--
Crispin Cowan, Ph.D. http://crispincowan.com/~crispin
CEO, Mercenary Linux http://mercenarylinux.com/
Itanium. Vista. GPLv3. Complexity at work
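The second option Crispin describes (one rule for files you own, another for files owned by others) is how this was eventually expressed in the AppArmor policy language. The fragment below is an added example and is not code from this message, the thread, or the AppArmor project's own profiles; the program path, the shared web tree under /srv/www, and the specific rules are illustrative assumptions. It shows the two pieces that together answer the original question: a home-directory tunable that is a glob over the home root rather than a per-user table (so it is not invalidated when users are added, removed or moved), and an `owner` qualifier that restricts a rule to files whose owner matches the task at access time.

```apparmor
# Added example, not from the original message. Profile for a hypothetical
# browser binary; the path and the /srv/www tree are assumptions.

# /etc/apparmor.d/tunables/home (pulled in via tunables/global) defines,
# roughly:
#   @{HOMEDIRS}=/home/
#   @{HOME}=@{HOMEDIRS}/*/ /root/
# @{HOME} is therefore a glob over the home-directory root, not a table of
# user -> home dir built at load time, which is what avoids the race
# described above.
#include <tunables/global>

/usr/lib/firefox/firefox {
  #include <abstractions/base>

  # Without "owner", this rule would match every user's ~/.mozilla, and only
  # DAC would keep user A out of user B's profile directory.
  # With "owner", AppArmor additionally requires, at access time, that the
  # file's owner uid equals the task's fsuid. The policy never needs to know
  # which users exist, so it stays valid as accounts come and go.
  owner @{HOME}/.mozilla/** rw,

  # The "intermixed users" case from the question: a shared web tree where
  # everyone may read, but each user may only write files they own.
  /srv/www/** r,
  owner /srv/www/** w,
}
```

Two points worth checking when relying on this: `@{HOME}` by itself still lets a confined process reach other users' home directories under the same glob, so it is the `owner` qualifier, not the tunable, that does the per-user restriction; and `owner` compares ownership of the file at the time of access, so it does not help with a file whose ownership was changed by someone with CAP_CHOWN. Verify which keywords your installed parser accepts with `apparmor_parser -Q` (or a dry-run load) before shipping such a profile, since older releases predating this discussion do not support `owner`.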