Re: [PATCH] Extended Attributes for Security Modules against 2.5.68

From: Christoph Hellwig (hch@infradead.org)
Date: Thu Apr 24 2003 - 08:03:59 EST


On Thu, Apr 24, 2003 at 08:55:46AM -0400, Stephen Smalley wrote:
> attributes. Andreas Gruenbacher had suggested during the earlier thread
> that we use something like the xattr_trusted.c attribute handler, so
> that a single xattr handler would cover all security modules but each
> security module could have its own attribute name (security.selinux,
> security.dte, security.capabilities, etc). As I explained during that
> thread, I don't think we want to use the trusted attribute handler
> itself due to its permission checking model,

Hmm, what would you think of changing the xattr_trusted security
model to fit your needs? It's so far unused outside XFS and there's
maybe a chance changing it.

> but it would be easy to
> make the xattr_security.c handler more like xattr_trusted.c in terms of
> allowing arbitrary extensions of a "security." prefix. Is that more to
> your liking, or do you truly want a separate handler for each security
> module?

It's fine with me.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/



This archive was generated by hypermail 2b29 : Wed Apr 30 2003 - 22:00:13 EST