From: John Johansen <john.johansen@canonical.com>
To: Eric Paris <eparis@parisplace.org>
Cc: linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org
Subject: Re: [PATCH 04/13] AppArmor: core policy routines
Date: Thu, 15 Jul 2010 09:40:27 -0700 [thread overview]
Message-ID: <4C3F39FB.7090409@canonical.com> (raw)
In-Reply-To: <AANLkTim_l1RDI3icW1Ko7NWvECT1JzuM2c3Qqa8wvQR6@mail.gmail.com>
On 07/15/2010 08:33 AM, Eric Paris wrote:
> On Wed, Jul 14, 2010 at 8:43 PM, John Johansen
> <john.johansen@canonical.com> wrote:
>> The basic routines and defines for AppArmor policy. AppArmor policy
>> is defined by a few basic components.
>> profiles - the basic unit of confinement contain all the information
>> to enforce policy on a task
>>
>> Profiles tend to be named after an executable that they
>> will attach to but this is not required.
>> namespaces - a container for a set of profiles that will be used
>> during attachment and transitions between profiles.
>> sids - which provide a unique id for each profile
>>
>> Signed-off-by: John Johansen <john.johansen@canonical.com>
>> ---
>
>> + PFLAG_MMAP_MIN_ADDR = 0x80, /* profile controls mmap_min_addr */
>
> You don't actually support this per ?domain? mmap_min_addr and I'm not
> sure how you ever can (given the nature of round_hint_to_min()) so
> maybe you should rip it all out rather than having the half
> implemented stuff in patches 4 and 6?
Right, it wasn't actually ever intended as a per domain value, just a constraint
on the domain setting the value. As it currently isn't supported I will rip
those bits out.
next prev parent reply other threads:[~2010-07-15 16:40 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-07-15 0:43 [AppArmor #5 0/13] AppArmor security module John Johansen
2010-07-15 0:43 ` [PATCH 01/13] AppArmor: misc. base functions and defines John Johansen
2010-07-15 0:43 ` [PATCH 02/13] AppArmor: basic auditing infrastructure John Johansen
2010-07-15 15:18 ` Eric Paris
2010-07-15 16:36 ` John Johansen
2010-07-15 17:36 ` Eric Paris
2010-07-15 18:07 ` John Johansen
2010-07-15 0:43 ` [PATCH 03/13] AppArmor: contexts used in attaching policy to system objects John Johansen
2010-07-15 0:43 ` [PATCH 04/13] AppArmor: core policy routines John Johansen
2010-07-15 15:33 ` Eric Paris
2010-07-15 16:40 ` John Johansen [this message]
2010-07-15 0:43 ` [PATCH 05/13] AppArmor: dfa match engine John Johansen
2010-07-15 0:43 ` [PATCH 06/13] AppArmor: policy routines for loading and unpacking policy John Johansen
2010-07-15 0:43 ` [PATCH 07/13] AppArmor: userspace interfaces John Johansen
2010-07-15 0:43 ` [PATCH 08/13] AppArmor: file enforcement routines John Johansen
2010-07-15 0:43 ` [PATCH 09/13] AppArmor: mediation of non file objects John Johansen
2010-07-15 0:43 ` [PATCH 10/13] AppArmor: domain functions for domain transition John Johansen
2010-07-15 0:43 ` [PATCH 11/13] AppArmor: LSM interface, and security module initialization John Johansen
2010-07-15 17:27 ` Serge E. Hallyn
2010-07-15 18:04 ` John Johansen
2010-07-15 0:43 ` [PATCH 12/13] AppArmor: Enable configuring and building of the AppArmor security module John Johansen
2010-07-15 0:43 ` [PATCH 13/13] AppArmor: update Maintainer and Documentation/kernel-parameters.txt John Johansen
2010-07-15 13:06 ` [AppArmor #5 0/13] AppArmor security module Miklos Szeredi
2010-07-16 5:21 ` Tetsuo Handa
2010-07-16 16:37 ` John Johansen
2010-07-17 7:41 ` Tetsuo Handa
-- strict thread matches above, loose matches on Subject: below --
2010-07-27 2:57 [AppArmor #6 " John Johansen
2010-07-27 2:57 ` [PATCH 04/13] AppArmor: core policy routines John Johansen
2010-07-29 21:47 [AppArmor #7 0/13] AppArmor security module John Johansen
2010-07-29 21:48 ` [PATCH 04/13] AppArmor: core policy routines John Johansen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4C3F39FB.7090409@canonical.com \
--to=john.johansen@canonical.com \
--cc=eparis@parisplace.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox