Re: Filesystem Capabilities in 2.6?

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Niels Provos: "cryptographic acceleration [Re: What's left over.]"
• Previous message: Akira Tsukamoto: "[PATCH] Athlon cache-line fix"
• In reply to: Dax Kelson: "Filesystem Capabilities in 2.6?"
• Next in thread: Olaf Dietsche: "Re: Filesystem Capabilities in 2.6?"
• Next in thread: Rusty Russell: "Re: Rusty's Remarkably Unreliable List of Pending 2.6 Features"

Ugh. Personally, as I've said, I'm not convinced filesystem
capabilities is worth it, providing the illusion of security --- and
probably will make most systems more insecure because most system
administrators won't be able to deal with fs capabilties competently.

HOWEVER, if we're going to do it, Olaf's patches is really not the way
to do it. If we're going to do it at all, the right way to do it is
via extended attributes. Using a sparse file to store capabilities
indexed by inode numbers is a bad idea; it will break if the user uses
resize2fs on an ext2/3 filesystem, for example.

- Ted
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

• Next message: Niels Provos: "cryptographic acceleration [Re: What's left over.]"
• Previous message: Akira Tsukamoto: "[PATCH] Athlon cache-line fix"
• In reply to: Dax Kelson: "Filesystem Capabilities in 2.6?"
• Next in thread: Olaf Dietsche: "Re: Filesystem Capabilities in 2.6?"
• Next in thread: Rusty Russell: "Re: Rusty's Remarkably Unreliable List of Pending 2.6 Features"