Novell releases AppArmor
Posted Jan 16, 2006 11:53 UTC (Mon) by nix
In reply to: Novell releases AppArmor
Parent article: Novell releases AppArmor
Well, as I understand it AppArmor uses the filename to *look up* the inode number and then tags the inode. Obviously no other system would be secure under hardlinks, especially if as standard POSIX semantics demand any user can hardlink files owned by other users into directories they control. (I think it reasonable to assume that any system designed by Crispin Cowan wouldn't have a design flaw as large as you imply in it!)
Obviously the AppArmor globbing/regexing thing is something which should be used with care: don't put wildcards at the front of the name!
What might really cause problems for AppArmor, and for any filename-based system, is wide use of filesystem namespaces. If /etc/shadow refers to a different file depending on the PID, what do you do?
(Mind you, this screws up conventional Unix security as well. I think that no matter what you do to the filesystem namespace, / and /etc had better remain non-writable by anyone but root.)
to post comments)