|
|
Subscribe / Log in / New account

The AppArmor debate begins

The AppArmor debate begins

Posted May 4, 2006 9:13 UTC (Thu) by renox (guest, #23785)
In reply to: The AppArmor debate begins by MenTaLguY
Parent article: The AppArmor debate begins

I disagree: the kernel has to do the translation so it has 'absolute' paths.

That each process can have a different view doesn't imply that there is no absolute path.

to post comments

The AppArmor debate begins

Posted May 4, 2006 16:58 UTC (Thu) by MenTaLguY (guest, #21879) [Link]

No, it doesn't. As I recall (it's been a long time since I've messed with filesystem stuff), each namespace can have its own root dentry, and dentries are mostly used used for looking up inodes by their path within a particular namespace.

There is no real "absolute" path to a file because the kernel doesn't need it. Most interesting things happen at the filesystem/inode level.

(One of the reasons that people object to AppArmor is that it'd require pushing a lot of things up into dentry-land, when the whole system was designed around inodes.)


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds