Re: [AppArmor 37/41] AppArmor: Main Part
- From: Andreas Gruenbacher <agruen@xxxxxxx>
- Date: Fri, 13 Apr 2007 10:17:05 +0200
On Thursday 12 April 2007 12:37, Alan Cox wrote:
The proc file system may not be mounted at /proc. There are environments
where this is done for good reason (eg not wanting the /proc info exposed
to a low trust environment). Another is when FUSE is providing an
arbitrated proc either by merging across clusters or by removing stuff.
[...]
Why can't this be done in the profile itself to avoid kernel special case
uglies and inflexibility ?
Good points. I'm in fact not sure how this could have been missed, and indeed
it makes more sense to put this in profiles.
Thanks,
Andreas
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
- References:
- [AppArmor 00/41] AppArmor security module overview
- From: jjohansen
- [AppArmor 37/41] AppArmor: Main Part
- From: jjohansen
- Re: [AppArmor 37/41] AppArmor: Main Part
- From: Alan Cox
- [AppArmor 00/41] AppArmor security module overview
- Prev by Date: Re: [AppArmor 00/41] AppArmor security module overview
- Next by Date: Re: [PATCH][RFC] Kill off legacy power management stuff.
- Previous by thread: Re: [AppArmor 37/41] AppArmor: Main Part
- Next by thread: Re: [AppArmor 37/41] AppArmor: Main Part
- Index(es):
Relevant Pages
|
