* Stephen Smalley (sdsat_private) wrote: > On Wed, 2003-04-16 at 18:02, richard offer wrote: > > I can see your reasons for the single attribute (known quantity for > > production systems), but think its better at this stage to experiment with > > multiple attributes and see how people use them before forcing everyone to > > a single standard. It allows small steps rather than force everyone to make > > a single large one. > > Per-module attribute names create no incentive for the security module > writers to provide a consistent API and guarantees a forked userland. This is the core issue. Personally, I'd rather stick to simple strings and per-module attributes rooted at a common point. This is simplest for userspace tools. But the attribute namespace is effectively flat, so it's a question of simplicity for locating the attributes. A simple getxattr(2) vs. a listxattr(2) plus multiple getxattr(2). Unfortunately, this points at a single standard name I think... thanks, -chris -- Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Thu Apr 17 2003 - 13:35:20 PDT