Re: [PATCH] remove sys_security

From: Alexander Viro (viroat_private)
Date: Thu Oct 17 2002 - 14:49:05 PDT


    On Thu, 17 Oct 2002, Russell Coker wrote:
    
    > > What specific information differs per-operation, such that security
    > > identifiers cannot be stored internally inside a file handle?
    > 
    > My previous message obviously wasn't clear enough.
    > 
    > When you want to read or set the SID of a file handle then you need to pass in 
    > a SID pointer or a SID.
    
    So fscking what?  _Nothing_ of the above warrants a new syscall.  There
    are struct file * attributes and there are descriptor attributes.
    Rather than excreting a new syscall you could look at what already exists
    in the API.
    
    Frankly, SELinux has some interesting ideas, but interfaces are appalling.
    Either they've never cared about it, or they have no taste (or have, er,
    overriding manag^Wissues actively hostile to any taste).  Take your pick.
    
    And don't get me started on access to file by inumber and other beauties
    in that excuse of an API.  It wasn't designed.  It happened.  As in, "it
    happens".
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    


