User: Password:
Subscribe / Log in / New account

The AppArmor debate begins

The AppArmor debate begins

Posted Apr 28, 2006 17:28 UTC (Fri) by MenTaLguY (guest, #21879)
In reply to: The AppArmor debate begins by dlang
Parent article: The AppArmor debate begins

Since Linux supports per-process namespaces, there ARE no globally absolute paths.

(Log in to post comments)

The AppArmor debate begins

Posted May 4, 2006 9:13 UTC (Thu) by renox (subscriber, #23785) [Link]

I disagree: the kernel has to do the translation so it has 'absolute' paths.

That each process can have a different view doesn't imply that there is no absolute path.

The AppArmor debate begins

Posted May 4, 2006 16:58 UTC (Thu) by MenTaLguY (guest, #21879) [Link]

No, it doesn't. As I recall (it's been a long time since I've messed with filesystem stuff), each namespace can have its own root dentry, and dentries are mostly used used for looking up inodes by their path within a particular namespace.

There is no real "absolute" path to a file because the kernel doesn't need it. Most interesting things happen at the filesystem/inode level.

(One of the reasons that people object to AppArmor is that it'd require pushing a lot of things up into dentry-land, when the whole system was designed around inodes.)

Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds