Hi,
On Wed, 2003-04-23 at 19:42, Christoph Hellwig wrote:
> On Wed, Apr 23, 2003 at 02:35:59PM -0400, Stephen Smalley wrote:
> > The idea of using separate attribute names for each security module was
> > already discussed at length when I posted the original RFC, and I've
> > already made the case that this is not desirable. Please see the
> > earlier discussion.
>
> No. It's not acceptable that the same ondisk structure has a different
> meaning depending on loaded modules. If the xattrs have a different
> meaning they _must_ have a different name.
I'm not convinced --- I don't see much value in trying to preserve MAC
semantics over load/unload of different security modules, so for sanity
the important thing is just to be able to detect whether a security
xattr "belongs" to the current module or not. That can be done with a
simple prefix in the xattr value itself. Trying to make multiple MAC
labels coexist in different xattrs seems to have little use.
--Stephen
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Wed Apr 30 2003 - 22:00:29 EST