You still wouldn't want the security check implemented in the xattr
handler (even for calls on behalf of user processes), because it will
differ depending on the security module and may require the full
contextual information (process and inode). Effectively, you would have
to just implement a call from the xattr handler to the security module,
and we already have hook calls from the [gs]etxattr system call code to
the security module to support such permission checking for user
processes.
--
Stephen Smalley <sds@epoch.ncsc.mil>
National Security Agency