From: Linus Torvalds <torvalds@linux-foundation.org>
To: Eric Paris <eparis@parisplace.org>
Cc: Ulrich Drepper <drepper@gmail.com>,
Alan Cox <alan@lxorguk.ukuu.org.uk>, Ingo Molnar <mingo@elte.hu>,
James Morris <jmorris@namei.org>,
linux-kernel@vger.kernel.org, Kyle McMartin <kyle@mcmartin.ca>,
Alexander Viro <viro@ftp.linux.org.uk>
Subject: Re: Upstream first policy
Date: Mon, 8 Mar 2010 15:21:04 -0800 (PST) [thread overview]
Message-ID: <alpine.LFD.2.00.1003081516300.3669@localhost.localdomain> (raw)
In-Reply-To: <7e0fb38c1003081512j36b4fbbfpa5f93f988495f621@mail.gmail.com>
On Mon, 8 Mar 2010, Eric Paris wrote:
>
> answering a different post in the same email: I accept "THERE ARE
> DIFFERENT CASES." You go on to say "So I'm not suggesting we
> _replace_ content-based security with pathname-based security. I'm
> just saying that pathnames actually do matter for security, and that
> they are an independent issue." But what you are suggesting is
> EXACTLY that our users should _replace_ content-based security with
> pathname-based security when they have to boot with security=TOMOYO
> instead of security=SMACK.
No.
Because we already _have_ content-based security. The traditional UNIX
model is all about "labeling", ie the inode-based security.
The fact that the extended security is then using something else in Tomoyo
or AppArmor doesn't remove the traditional security model.
Again, your whole email is just "assuming" that selinux is the thing to
be. No logic to your post at all. If you are using a AppArmor-based thing,
you're not "switching" from SELinux to AppArmor. You're just using it.
Get it? The Ubuntu people seem to be happy with AppArmor. Deal with it.
SELinux isn't the end-all and be-all of everything.
Linus
next prev parent reply other threads:[~2010-03-08 23:22 UTC|newest]
Thread overview: 51+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-03-07 21:23 Upstream first policy James Morris
2010-03-07 21:31 ` Linus Torvalds
2010-03-07 21:36 ` Linus Torvalds
2010-03-08 9:46 ` Ingo Molnar
2010-03-08 17:30 ` Alan Cox
2010-03-08 18:08 ` Linus Torvalds
2010-03-08 18:45 ` Al Viro
2010-03-08 18:53 ` Al Viro
2010-03-08 18:59 ` Linus Torvalds
2010-03-08 19:15 ` Linus Torvalds
2010-03-08 19:17 ` Alan Cox
2010-03-08 19:32 ` Linus Torvalds
2010-03-09 0:48 ` Kyle McMartin
2010-03-08 21:20 ` Chris Adams
2010-03-08 19:18 ` Al Viro
2010-03-09 1:18 ` Luca Barbieri
2010-03-09 1:25 ` Al Viro
2010-03-09 1:51 ` Luca Barbieri
2010-03-09 1:55 ` Al Viro
2010-03-09 2:09 ` Luca Barbieri
2010-03-08 19:08 ` Alan Cox
2010-03-08 19:18 ` Linus Torvalds
2010-03-08 19:27 ` Alan Cox
2010-03-08 19:34 ` Linus Torvalds
2010-03-09 7:29 ` Ingo Molnar
2010-03-09 8:46 ` Dave Airlie
2010-03-09 14:58 ` Ulrich Drepper
2010-03-08 23:02 ` Eric W. Biederman
2010-03-08 23:18 ` Eric Paris
2010-03-09 15:16 ` Florian Mickler
2010-03-09 22:49 ` Alan Cox
2010-03-11 3:52 ` Eric W. Biederman
2010-03-08 22:12 ` Ulrich Drepper
2010-03-08 23:12 ` Eric Paris
2010-03-08 23:21 ` Linus Torvalds [this message]
2010-03-08 23:18 ` Rik van Riel
2010-03-08 23:37 ` Linus Torvalds
2010-03-08 23:51 ` Rik van Riel
2010-03-09 0:10 ` Linus Torvalds
2010-03-09 3:26 ` Casey Schaufler
2010-03-09 3:58 ` Linus Torvalds
2010-03-09 13:09 ` Samir Bellabes
2010-03-09 0:15 ` Al Viro
2010-03-09 0:48 ` Al Viro
2010-03-09 1:49 ` Linus Torvalds
2010-03-09 2:05 ` Al Viro
2010-03-09 2:18 ` Linus Torvalds
2010-03-23 13:59 ` Pavel Machek
[not found] <elwcV-406-1@gated-at.bofh.it>
[not found] ` <elHL4-42q-5@gated-at.bofh.it>
[not found] ` <elP5U-6Ku-29@gated-at.bofh.it>
[not found] ` <elPyV-7zE-7@gated-at.bofh.it>
[not found] ` <elQbE-8ll-7@gated-at.bofh.it>
[not found] ` <elQv0-vu-13@gated-at.bofh.it>
[not found] ` <elQEG-Hn-33@gated-at.bofh.it>
2010-03-08 19:40 ` James Kosin
-- strict thread matches above, loose matches on Subject: below --
2010-03-04 18:39 [git pull] drm request 3 Jesse Barnes
2010-03-04 18:51 ` Linus Torvalds
2010-03-04 18:56 ` Jesse Barnes
2010-03-04 19:08 ` Linus Torvalds
2010-03-04 19:25 ` Dave Airlie
2010-03-04 20:01 ` Linus Torvalds
2010-03-04 22:06 ` Dave Airlie
2010-03-05 0:08 ` Linus Torvalds
2010-03-05 0:28 ` Ben Skeggs
2010-03-05 0:41 ` Linus Torvalds
2010-03-05 1:19 ` Upstream first policy Kyle McMartin
2010-03-05 1:28 ` Linus Torvalds
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=alpine.LFD.2.00.1003081516300.3669@localhost.localdomain \
--to=torvalds@linux-foundation.org \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=drepper@gmail.com \
--cc=eparis@parisplace.org \
--cc=jmorris@namei.org \
--cc=kyle@mcmartin.ca \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@elte.hu \
--cc=viro@ftp.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).