[Apparmor-dev] MinorFs 0.3 & AppArmor
Rob Meijer
capibara at xs4all.nl
Mon Jul 7 02:22:24 MDT 2008
I just finished up the 0.3 version of Minorfs, and its available on
http://polacanthus.net/minorfs.html
The goal of MinorFs is to provide a set of userspace filesystems that allow
applications (to be more exact, pseudo persistent processes) to have their
own private storage in a decomposable and (ocap like) delegatable way.
MinorFs and AppArmor are complementary as the capability paradigm warants
that active objects start of with an absolute minimum of privileges
(AppArmor) that are than extended by delegations (MinorFs).
I think it might be a good idea to see if integrating MinorFs into the
userspace tools of AppArmor would be possible, and if some tasks (like
identifying pseudo persistent processes) should better move to
kernelspace.
Please let me know if you guys agree this would be a good idea.
More information about the Apparmor-dev
mailing list