On Wed, 23 Apr 2003 12:15:17 PDT, Chris Wright <chris@wirex.com> said:
> * Andreas Dilger (adilger@clusterfs.com) wrote:
> > The only reason to use a common "system.security" is if the actual data
> > stored therein was usable by more than a single security module.
>
> Or, as mentioned, if you care to print out the label with standard
> fileutils.
The requirement that things like ls, find, cp and so on know where to look
for these things trumps any "purity of labels" arguments.
In addition, a case can be made that different modules *should* use the
same name - because that way when you're re-labelling a file system for
a new security module, you can actually *detect* old crufty conflicting
labels added by some previous module.
"Warning: file %s was already labelled with attribute %s"
If you do as Chris suggests, you can't implement this in a clean manner.
This archive was generated by hypermail 2b29 : Wed Apr 23 2003 - 22:00:38 EST