On Thu, 2003-04-24 at 09:03, Christoph Hellwig wrote:
> Hmm, what would you think of changing the xattr_trusted security
> model to fit your needs? It's so far unused outside XFS and there's
> maybe a chance changing it.
It would require removing the capable(CAP_SYS_ADMIN) checks from the
xattr_trusted.c handler and implementing them in the capabilities
security module (and corresponding superuser tests in the dummy security
module) via the inode_setxattr and inode_getxattr hook functions. This
would then permit security modules to implement their own permission
checking logic for getxattr and setxattr calls for their attributes, and
it would allow security modules to internally call the getxattr and
setxattr inode operations without being subjected to these checks in
order to manage the attributes.
-- Stephen Smalley <sds@epoch.ncsc.mil> National Security Agency- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Wed Apr 30 2003 - 22:00:14 EST