Re: [PATCH 01/11] Security: Add hook to get full maclabel xattr name

From: Casey Schaufler
Date: Thu Feb 28 2008 - 20:56:00 EST



--- Trond Myklebust <trond.myklebust@xxxxxxxxxx> wrote:

>
> On Thu, 2008-02-28 at 19:51 -0500, Christoph Hellwig wrote:
> > On Thu, Feb 28, 2008 at 04:50:06PM -0800, Trond Myklebust wrote:
> > > As I've told you several times before: we're _NOT_ putting private
> > > ioctl^Hxattrs onto the wire. If the protocol can't be described in an
> > > RFC, then it isn't going in no matter what expletive you choose to
> > > use...
> >
> > It's as unstructured as the named attributes already in. Or file data
> > for that matter.
>
> Describing what is supposed to be a security mechanism in a structured
> fashion for use in a protocol should hardly be an impossible task (and
> AFAICS, Dave & co are making good progress in doing so). If it is, then
> that casts serious doubt on the validity of the security model...

Now this is were I always get confused. I sounds like you're
saying that a name/value pair is insufficiently structured for
use in a protocol specification.

> There should be no need for ioctls.

Sorry, but as far as I'm concerned you just threw a bunny under
the train for no apparent reason. What have ioctls got to do with
anything?


Casey Schaufler
casey@xxxxxxxxxxxxxxxx
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/