[Apparmor-dev] MinorFs 0.3 & AppArmor

John Johansen jjohansen at suse.de
Tue Jul 8 03:10:26 MDT 2008


Rob Meijer wrote:
> I just finished up the 0.3 version of MinorFs, and it's available on
> http://polacanthus.net/minorfs.html
> 
> The goal of MinorFs is to provide a set of userspace filesystems that allow
> applications (to be more exact, pseudo persistent processes) to have their
> own private storage in a decomposable and (ocap like) delegatable way.
> 
> MinorFs and AppArmor are complementary as the capability paradigm warrants
> that active objects start off with an absolute minimum of privileges
> (AppArmor) that are then extended by delegations (MinorFs).
> 
> I think it might be a good idea to see if integrating MinorFs into the
> userspace tools of AppArmor would be possible, and if some tasks (like
> identifying pseudo persistent processes) should better move to
> kernelspace.
> 
> Please let me know if you guys agree this would be a good idea.
> 
Hrmm, it is something that needs some more investigation, but I am
certainly not opposed to the idea.  I am however curious as to
specifically what you mean by integration into the user space tools.

Do you see the profiling tools being used to identify pseudo persistent
processes?  Being used to track the fd flow between processes/profiles?
How do you see it fitting into profiling, or do you mean a more general
extension of the user space tools?


