Re: [PATCH] Extended Attributes for Security Modules against 2.5.68

Valdis.Kletnieks@vt.edu
Wed, 23 Apr 2003 15:28:07 -0400


--==_Exmh_300256906P
Content-Type: text/plain; charset=us-ascii

On Wed, 23 Apr 2003 12:15:17 PDT, Chris Wright <chris@wirex.com> said:
> * Andreas Dilger (adilger@clusterfs.com) wrote:

> > The only reason to use a common "system.security" is if the actual data
> > stored therein was usable by more than a single security module.
>
> Or, as mentioned, if you care to print out the label with standard
> fileutils.

The requirement that things like ls, find, cp and so on know where to look
for these things trumps any "purity of labels" arguments.

In addition, a case can be made that different modules *should* use the
same name - because that way when you're re-labelling a file system for
a new security module, you can actually *detect* old crufty conflicting
labels added by some previous module.

"Warning: file %s was already labelled with attribute %s"

If you do as Chris suggests, you can't implement this in a clean manner.

--==_Exmh_300256906P
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Exmh version 2.5 07/13/2001

iD8DBQE+pulHcC3lWbTT17ARAnbTAKDQ4v4uepnX45/VsIYLDGzJz3NUjgCgyeBA
Du58yyud1GpD35q3iVaq3Tg=
=tFo1
-----END PGP SIGNATURE-----

--==_Exmh_300256906P--
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/