On Sun, Dec 18, 2011 at 4:00 AM, John Johansen <[email protected]> wrote: >> Policy compilation and load time are both far too static. Drives come and >> go all the time and their scsi name /dev/sd* is next to useless. The >> dynamic names are better but troublesome. The more I think about it, the >> more I think labeling is the answer here. >> > possibly, patches welcome > >> (I wish the kernel just gave them persistent names.) >> > it would be nice
A (silly?) thought occurs -- perhaps udevd should be creating either new device nodes or (this is where it gets devious): bind-mounting the device nodes to their "friendly" names rather than simply symlinking. Everyone loves bind mounts and symlinks are so Ye Olde Schoole. Also, what do we do for FUSE mounts? Simply allow/disallow FUSE? Or grant permissions to specific FUSE transports? (Say, allow sshfs for one profile, allow ipod-name-demangling for another profile.) Thanks -- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
