Re: [PATCH] Extended Attributes for Security Modules against 2.5.68

Chris Wright (chris@wirex.com)
Wed, 23 Apr 2003 12:15:17 -0700


* Andreas Dilger (adilger@clusterfs.com) wrote:
>
> Well, with the exception of backup/restore (which will just treat this
> EA data as opaque and doesn't really care whether the names are fixed
> or not), the tools DO need to understand each individual module
> or policy in order to make any sense of the data. Otherwise, all you
> can do is print out some binary blob which is no use to anyone.

I was imagining strings, not binary blobs, sorry for the confusion.

> So, either the tools look for "system.security", and then have to
> understand an internal magic for each module to know what to do with
> the data, or it looks for "system.<modulename>" for only module names
> that it actually understands.

Or simply print the strings associated with the label.

> The only reason to use a common "system.security" is if the actual data
> stored therein was usable by more than a single security module.

Or, as mentioned, if you care to print out the label with standard
fileutils.

cheers,
-chris

-- 
Linux Security Modules     http://lsm.immunix.org     http://lsm.bkbits.net
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/