Re: [PATCH] Extended Attributes for Security Modules against 2.5.68

Christoph Hellwig (hch@infradead.org)
Thu, 24 Apr 2003 14:03:59 +0100

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Stephan von Krawczynski: "Re: kernel ring buffer accessible by users"
Previous message: Benjamin Herrenschmidt: "[RFC/PATCH] IDE Power Management try 1"
In reply to: Stephen Smalley: "Re: [PATCH] Extended Attributes for Security Modules against 2.5.68"

On Thu, Apr 24, 2003 at 08:55:46AM -0400, Stephen Smalley wrote:
> attributes. Andreas Gruenbacher had suggested during the earlier thread
> that we use something like the xattr_trusted.c attribute handler, so
> that a single xattr handler would cover all security modules but each
> security module could have its own attribute name (security.selinux,
> security.dte, security.capabilities, etc). As I explained during that
> thread, I don't think we want to use the trusted attribute handler
> itself due to its permission checking model,

Hmm, what would you think of changing the xattr_trusted security
model to fit your needs? It's so far unused outside XFS and there's
maybe a chance changing it.

> but it would be easy to
> make the xattr_security.c handler more like xattr_trusted.c in terms of
> allowing arbitrary extensions of a "security." prefix. Is that more to
> your liking, or do you truly want a separate handler for each security
> module?

It's fine with me.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Stephan von Krawczynski: "Re: kernel ring buffer accessible by users"
Previous message: Benjamin Herrenschmidt: "[RFC/PATCH] IDE Power Management try 1"
In reply to: Stephen Smalley: "Re: [PATCH] Extended Attributes for Security Modules against 2.5.68"