Re: [RFC][PATCH] Extended Attributes for Security Modules

From: Chris Wright (chrisat_private)
Date: Thu Apr 17 2003 - 13:30:59 PDT

    * Stephen Smalley (sdsat_private) wrote:
    > On Wed, 2003-04-16 at 18:02, richard offer wrote:
    > > I can see your reasons for the single attribute (known quantity for
    > > production systems), but think it's better at this stage to experiment with
    > > multiple attributes and see how people use them before forcing everyone to
    > > a single standard. It allows small steps rather than force everyone to make
    > > a single large one.
    > 
    > Per-module attribute names create no incentive for the security module
    > writers to provide a consistent API and guarantee a forked userland.
    
    This is the core issue.  Personally, I'd rather stick to simple strings
    and per-module attributes rooted at a common point.  This is simplest
    for userspace tools.  But the attribute namespace is effectively flat,
    so it's a question of simplicity for locating the attributes.  A simple
    getxattr(2) vs. a listxattr(2) plus multiple getxattr(2).  Unfortunately,
    this points at a single standard name I think...
    
    thanks,
    -chris
    -- 
    Linux Security Modules     http://lsm.immunix.org     http://lsm.bkbits.net
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
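
The lookup trade-off discussed in the message above, as an added example (not code from the thread or from the LSM project): one getxattr(2) on a single standard name, against listxattr(2) followed by one getxattr(2) per name under a common root. The names "security." and "security.label" and all function names are assumptions made for illustration; the thread does not settle on any attribute name.

```c
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/xattr.h>

/* Hypothetical names for illustration; the thread does not fix either one. */
#define LABEL_ROOT   "security."       /* assumed common root for per-module names */
#define LABEL_SINGLE "security.label"  /* assumed single standard name */

/* Single standard name: one getxattr(2). Returns value length or -1. */
ssize_t label_single(const char *path, char *buf, size_t len)
{
    return getxattr(path, LABEL_SINGLE, buf, len);
}

/* Walk a listxattr(2)-style buffer (NUL-terminated names, back to back) and
 * collect the names that sit under root. Returns how many were stored. */
size_t names_under_root(const char *list, size_t len, const char *root, const char **out, size_t max)
{
    size_t n = 0, rlen = strlen(root);
    const char *p = list, *end = list + len;
    while (p < end && n < max) {
        const char *nul = memchr(p, 0, (size_t)(end - p));
        if (!nul) break;                      /* unterminated tail: stop */
        if ((size_t)(nul - p) > rlen && strncmp(p, root, rlen) == 0)
            out[n++] = p;
        p = nul + 1;
    }
    return n;
}

/* Per-module names: listxattr(2), then a getxattr(2) per match. -1 on error. */
int labels_per_module(const char *path)
{
    const char *names[16]; char val[256]; int got = 0;
    ssize_t len = listxattr(path, NULL, 0);   /* size probe */
    if (len <= 0) return (int)len;            /* 0: no xattrs, -1: error */
    char *list = malloc((size_t)len);
    if (!list) return -1;
    len = listxattr(path, list, (size_t)len); /* fails with ERANGE if the list grew */
    if (len < 0) { free(list); return -1; }
    size_t n = names_under_root(list, (size_t)len, LABEL_ROOT, names, 16);
    for (size_t i = 0; i < n; i++)
        if (getxattr(path, names[i], val, sizeof val) >= 0) got++;
    free(list);
    return got;
}

int main(int argc, char **argv) { return argc > 1 && labels_per_module(argv[1]) < 0; }
```

With per-module names a tool needs two listxattr(2) calls plus one getxattr(2) per module label, and has to filter a namespace it shares with unrelated attributes; with a single name it needs one call and no parsing.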
    



    This archive was generated by hypermail 2b30 : Thu Apr 17 2003 - 13:35:20 PDT