Linux security non-modules and AppArmor
Posted Jul 5, 2007 16:15 UTC (Thu) by skybrian
In reply to: Linux security non-modules and AppArmor
Parent article: Linux security non-modules and AppArmor
If policy is based on paths, then it seems like hard links between any two paths that have different security policies has to be disallowed (for example, between /etc and /tmp). Otherwise you've got files that appear under more than one security level. Any kind of copy between files at paths with different security levels untaints the data.
A taint-based system does seem more appealing if it could be made to work. It occurs to me that we have something close to that already, except that the security label is the owner and group of the file. The issues with setting the label for new files are similar to deciding what the owner, group, and umask should be for a new file. Maybe this would be more popular if security labels were something familiar? A special kind of group?
to post comments)