Casey Schaufler wrote:
> System V/MLS put just the dev/inode in their audit records.
> All directory entry changes (creat, link, unlink, ...) had
> to be tracked. At mount time the entire filesystem namespace
> was recorded. This worked for 2MB file systems, but would not
> be recommended for multiple terabyte ones.

A similar solution was proposed at USENIX (IIRC by Stephen Smalley). We've been trying to make it work, but ran into the problem Casey describes. A SubDomain profile can contain an entry that says e.g. "/etc/*", which means that we would have to populate some in-kernel data structure with a very large name space.

Crispin

--
Crispin Cowan, Ph.D.
Chief Scientist, WireX Communications, Inc. http://wirex.com
Security Hardened Linux Distribution: http://immunix.org
Available for purchase: http://wirex.com/Products/Immunix/purchase.html

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
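The trade-off discussed in this thread, as an added user-space illustration (this is not SubDomain, WireX or System V/MLS code): a pathname-based profile entry such as "/etc/*" is checked by matching the path at access time and needs no stored state, whereas a dev/inode-keyed scheme has to enumerate every name the entry covers up front and then track each creat, link and unlink to stay correct. The scratch directory, the file names "passwd" and "shadow", and the helper names are constructed for the example.

```c
/* Added example, not code from the original post or from SubDomain.
 * Contrasts a pathname glob check with a dev/inode snapshot of the
 * namespace, using a constructed temporary directory so it runs offline. */
#define _DEFAULT_SOURCE
#include <dirent.h>
#include <fcntl.h>
#include <fnmatch.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

#define MAX_ENTRIES 1024   /* toy bound; a real filesystem holds millions */

/* One recorded directory entry: all an audit record keyed by dev/inode
 * can later be matched against. */
struct inode_key { dev_t dev; ino_t ino; };
struct inode_set { struct inode_key keys[MAX_ENTRIES]; size_t n; };

/* Pathname-based check: match the profile entry against the path at
 * access time.  FNM_PATHNAME keeps '*' from crossing '/', so "/etc/*"
 * covers "/etc/passwd" but not "/etc/ssh/sshd_config". */
int match_by_name(const char *profile_entry, const char *path)
{
    return fnmatch(profile_entry, path, FNM_PATHNAME) == 0;
}

/* dev/inode-based approach: walk the directory once ("mount time") and
 * remember the dev/inode pair of every entry the glob would cover. */
int snapshot_dir(const char *dir, struct inode_set *set)
{
    DIR *d = opendir(dir);
    struct dirent *de;
    char path[PATH_MAX];
    struct stat st;

    set->n = 0;
    if (!d)
        return -1;
    while ((de = readdir(d)) != NULL && set->n < MAX_ENTRIES) {
        if (strcmp(de->d_name, ".") == 0 || strcmp(de->d_name, "..") == 0)
            continue;
        snprintf(path, sizeof path, "%s/%s", dir, de->d_name);
        if (stat(path, &st) == 0) {
            set->keys[set->n].dev = st.st_dev;
            set->keys[set->n].ino = st.st_ino;
            set->n++;
        }
    }
    closedir(d);
    return (int)set->n;
}

/* Is the file's current dev/inode pair in the recorded set? */
int in_snapshot(const struct inode_set *set, const char *path)
{
    struct stat st;
    if (stat(path, &st) != 0)
        return 0;
    for (size_t i = 0; i < set->n; i++)
        if (set->keys[i].dev == st.st_dev && set->keys[i].ino == st.st_ino)
            return 1;
    return 0;
}

/* Returns 1 when a file created after the snapshot is covered by the
 * pathname check but missing from the dev/inode set: exactly the
 * directory-entry change the dev/inode scheme must track. */
int demo_stale_snapshot(void)
{
    char dir[] = "/tmp/profileXXXXXX";   /* constructed scratch directory */
    char glob[PATH_MAX], before[PATH_MAX], after[PATH_MAX];
    struct inode_set set;
    int stale;

    if (!mkdtemp(dir))
        return -1;
    snprintf(glob, sizeof glob, "%s/*", dir);
    snprintf(before, sizeof before, "%s/passwd", dir);
    snprintf(after, sizeof after, "%s/shadow", dir);

    close(creat(before, 0600));
    snapshot_dir(dir, &set);            /* "mount time": only passwd is known */
    close(creat(after, 0600));          /* directory entry change afterwards */

    stale = match_by_name(glob, after) && !in_snapshot(&set, after)
            && in_snapshot(&set, before);

    unlink(before); unlink(after); rmdir(dir);
    return stale;
}

int main(void)
{
    printf("/etc/* covers /etc/passwd: %d\n", match_by_name("/etc/*", "/etc/passwd"));
    printf("/etc/* covers /etc/ssh/sshd_config: %d\n",
           match_by_name("/etc/*", "/etc/ssh/sshd_config"));
    printf("dev/inode snapshot stale after creat: %d\n", demo_stale_snapshot());
    return 0;
}
```

The snapshot also goes wrong in the other direction: a file renamed or hard-linked out of the directory keeps its dev/inode pair and so stays "covered" until the set is updated, which is why every directory entry change has to be hooked, not just creation.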
This archive was generated by hypermail 2b30 : Thu Jul 19 2001 - 12:27:46 PDT