Re: [PATCH] Extended Attributes for Security Modules against 2.5.68

Stephen Smalley (sds@epoch.ncsc.mil)
23 Apr 2003 15:17:57 -0400


On Wed, 2003-04-23 at 14:45, Christoph Hellwig wrote:
> Randomly userland shouldn't deal with these xattrs. Remember you are
> talking about the ondisk represenation of your labelling - nothing
> but the labelling tools should ever touch it.

Not true. ls should be able to display the security label. find should
be able to locate files that have specific security labels. cp should
be able to preserve the security label on copies. logrotate should be
able to preserve the security label when rotating logs. crond should be
able to check the security label on a crontab spool file to verify
consistency with the user's credentials with which the cron job will
run. login/sshd need to set the security label on the user's terminal
device. You'll find plenty of examples of patched userland in SELinux,
but none of these patches are specific to a particular set of security
attributes. They just handle them as strings.

-- 
Stephen Smalley <sds@epoch.ncsc.mil>
National Security Agency

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/