Re: [PATCH] Extended Attributes for Security Modules against 2.5.68

Chris Wright (chris@wirex.com)
Wed, 23 Apr 2003 11:25:49 -0700


* Christoph Hellwig (hch@infradead.org) wrote:
>
> The other question is why do you name them system.security? The name
> sounds a bit too generic to me. ACLs are certainly a security feature
> and have different ATTRS, similar for the Posix capability and MAC
> support in XFS. As selinux is the flask implementation for Linux
> what about system.flask_label? (or system.selinux_label?)

It's really a namespace issue for user apps trying to deal with xattrs.
Being able to display the xattrs associated with a file in sane way,
like getxattr(path, "system.security", ...). Otherwise something like
listxattr() then gettxttr(... "system.security.[blah]" ...). Total
freeform naming is a headache for userspace to deal with. Esp. since we
don't want to teach all userland tools about each individual module/policy.

There were a couple proposals to use common root like "system.security."
(or the trusted namespace which was discussed in earlier threads).

Would you still prefer module specific naming?

thanks,
-chris

-- 
Linux Security Modules     http://lsm.immunix.org     http://lsm.bkbits.net
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/