Re: [PATCH 01/11] Security: Add hook to get full maclabel xattrname
From: Trond Myklebust
Date: Thu Feb 28 2008 - 20:09:35 EST
On Thu, 2008-02-28 at 19:51 -0500, Christoph Hellwig wrote:
> On Thu, Feb 28, 2008 at 04:50:06PM -0800, Trond Myklebust wrote:
> > As I've told you several times before: we're _NOT_ putting private
> > ioctl^Hxattrs onto the wire. If the protocol can't be described in an
> > RFC, then it isn't going in no matter what expletive you choose to
> > use...
>
> It's as unstructured as the named attributes already in. Or file data
> for that matter.
Describing what is supposed to be a security mechanism in a structured
fashion for use in a protocol should hardly be an impossible task (and
AFAICS, Dave & co are making good progress in doing so). If it is, then
that casts serious doubt on the validity of the security model...
There should be no need for ioctls.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/