On Tue, 05 Feb 2002 08:54:59 EST, Stephen Smalley said:
> The value (when provided as an input parameter to the call, e.g. setxattr)
> will be important to some security modules. For example, if the security
> module is using extended attributes to store its own security data, then
> it will likely perform a permission check based on the new value when the
> name corresponds to its own attribute space. Additionally, if certain
> ('name', 'value') pairs are well-defined and are critical to system
> security, then some security modules may choose to make use of the value
> in those cases.
Is there any reason to allow/support the security module editing the parameters
for its own purposes, or is it restricted to a "list is bad, go away" error
code? I could see a case where "if the user program specified X:Z, we would
want to tack on a W:Y as well...". (For instance, if a program tried to
put a 'LABEL:ABC' on it, we might want to attach a 'DOMAIN:XYZ' or edit
ABC into a value easier for us to deal with....)
The alternative is that the security module then gets to keep its *own*
database of "files which have X:Z specified, and what values of W we've
attached to each one". Quite a duplication of effort, especially when
the kernel already *has* support for storing what we want, and looking it
up ourselves may be expensive (possibly involving a call out to a userspace
process to do a database lookup, etc etc).
/Valdis
This archive was generated by hypermail 2b30 : Tue Feb 05 2002 - 08:12:24 PST