Re: [PATCH] remove sys_security

From: Alexander Viro (viroat_private)
Date: Thu Oct 17 2002 - 14:49:05 PDT

  • Next message: Greg KH: "Re: [PATCH] remove sys_security"

    On Thu, 17 Oct 2002, Russell Coker wrote:
    > > What specific information differs per-operation, such that security
    > > identifiers cannot be stored internally inside a file handle?
    > My previous message obviously wasn't clear enough.
    > When you want to read or set the SID of a file handle then you need to pass in 
    > a SID pointer or a SID.
    So fscking what?  _Nothing_ of the above warrants a new syscall.  There
    are struct file * attributes and there are descriptor attributes.
    Rather than excreting a new syscall you could look what already exists
    in the API.
    Frankly, SELinux has some interesting ideas, but interfaces are appalling.
    Either they've never cared about it, or they have no taste (or have, er,
    overriding manag^Wissues actively hostile to any taste).  Take your pick.
    And don't get me started on access to file by inumber and other beauties
    in that excuse of an API.  It wasn't designed.  It happened.  As in, "it
    linux-security-module mailing list

    This archive was generated by hypermail 2b30 : Thu Oct 17 2002 - 14:53:02 PDT