Re: [PATCH 01/11] Security: Add hook to get full maclabel xattrname

[Trond Myklebust]

On Thu, 2008-02-28 at 19:51 -0500, Christoph Hellwig wrote:
> On Thu, Feb 28, 2008 at 04:50:06PM -0800, Trond Myklebust wrote:
> > As I've told you several times before: we're _NOT_ putting private
> > ioctl^Hxattrs onto the wire. If the protocol can't be described in an
> > RFC, then it isn't going in no matter what expletive you choose to
> > use...
> 
> It's as unstructured as the named attributes already in.  Or file data
> for that matter.

Describing what is supposed to be a security mechanism in a structured
fashion for use in a protocol should hardly be an impossible task (and
AFAICS, Dave & co are making good progress in doing so). If it is, then
that casts serious doubt on the validity of the security model...

There should be no need for ioctls.

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/