[e-lang] E + MinorFs + AppArmor: adding Tahoe to the stack ?
Karp, Alan H
alan.karp at hp.com
Fri Jan 29 17:54:37 PST 2010
Matej Kosik wrote:
>
> I do not understand the argument that AppArmor is indispensable (even if
> some process has to access files on the filesystem or interact with
> other processes). Is there a security policy which cannot be enforced in
> ocap-language (over untrusted modules written in this language)?
> Obviously (for me) not, but I guess you do not concur.
>
AppArmor will protect you if there is an exploitable flaw in the ocap program.
________________________
Alan Karp
Principal Scientist
Virus Safe Computing Initiative
Hewlett-Packard Laboratories
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
http://www.hpl.hp.com/personal/Alan_Karp
More information about the e-lang
mailing list