Re: [PATCH] Extended Attributes for Security Modules against 2.5.68

Christoph Hellwig (hch@infradead.org)
Thu, 24 Apr 2003 14:03:59 +0100


On Thu, Apr 24, 2003 at 08:55:46AM -0400, Stephen Smalley wrote:
> attributes. Andreas Gruenbacher had suggested during the earlier thread
> that we use something like the xattr_trusted.c attribute handler, so
> that a single xattr handler would cover all security modules but each
> security module could have its own attribute name (security.selinux,
> security.dte, security.capabilities, etc). As I explained during that
> thread, I don't think we want to use the trusted attribute handler
> itself due to its permission checking model,

Hmm, what would you think of changing the xattr_trusted security
model to fit your needs? It's so far unused outside XFS and there's
maybe a chance changing it.

> but it would be easy to
> make the xattr_security.c handler more like xattr_trusted.c in terms of
> allowing arbitrary extensions of a "security." prefix. Is that more to
> your liking, or do you truly want a separate handler for each security
> module?

It's fine with me.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/