* frm chrisat_private "04/17/03 13:30:59 -0700" | sed '1,$s/^/* /'
*
** Stephen Smalley (sdsat_private) wrote:
*> On Wed, 2003-04-16 at 18:02, richard offer wrote:
*> > I can see your reasons for the single attribute (known quantity for
*> > production systems), but think it's better at this stage to experiment
*> > with multiple attributes and see how people use them before forcing
*> > everyone to a single standard. It allows small steps rather than force
*> > everyone to make a single large one.
*>
*> Per-module attribute names create no incentive for the security module
*> writers to provide a consistent API and guarantees a forked userland.
*
* This is the core issue. Personally, I'd rather stick to simple strings
* and per-module attributes rooted at a common point. This is simplest
* for userspace tools. But the attribute namespace is effectively flat,
* so it's a question of simplicity for locating the attributes. A simple
* getxattr(2) vs. a listxattr(2) plus multiple getxattr(2). Unfortunately,
* this points at a single standard name I think...

Good point.

Okay you've convinced me enough that while I don't agree more than 51%, I'm
at least going to shut up until the next time.

Would it make sense to have a single "backup/restore security label" tool
that is distributed alongside LSM rather than relying on each module writer
developing their own?

*
* thanks,
* -chris

richard.

--
-----------------------------------------------------------------------
Richard Offer                     Technical Lead, Trust Technology, SGI
"Specialization is for insects"
_______________________________________________________________________

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
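The lookup cost weighed in this thread, as an added C example that is not part of the original message: with per-module names rooted at a common point, a module-agnostic tool (such as the proposed backup/restore tool) has to filter the listxattr(2) name list and then issue one getxattr(2) per match, whereas a single standard name needs only one getxattr(2). The root `security.` and the attribute names in the sample buffer are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical common root for per-module attributes (not from the thread). */
#define COMMON_ROOT "security."

/* Constructed sample in listxattr(2) layout: NUL-terminated names, packed. */
static const char SAMPLE[] =
    "user.mime_type\0security.moda\0security.modb\0trusted.x";

/*
 * Collect the names under COMMON_ROOT from a listxattr(2)-style buffer.
 * Returns the number of matches, i.e. how many follow-up getxattr(2)
 * calls a module-agnostic tool needs; at most `max` pointers are stored.
 * Returns -1 when the last name is not NUL-terminated (truncated list).
 */
int names_under_root(const char *list, size_t len, const char **out, int max)
{
    size_t root_len = strlen(COMMON_ROOT);
    size_t off = 0;
    int n = 0;

    while (off < len) {
        const char *name = list + off;
        const char *end = memchr(name, '\0', len - off);
        size_t name_len;

        if (end == NULL)
            return -1;
        name_len = (size_t)(end - name);
        /* Skip a bare "security." with nothing after the root. */
        if (name_len > root_len && strncmp(name, COMMON_ROOT, root_len) == 0) {
            if (n < max)
                out[n] = name;
            n++;
        }
        off += name_len + 1;
    }
    return n;
}

int main(void)
{
    const char *found[8];
    int i, n = names_under_root(SAMPLE, sizeof SAMPLE, found, 8);

    for (i = 0; i < n && i < 8; i++)
        printf("getxattr needed for: %s\n", found[i]);
    return n < 0;
}
```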
This archive was generated by hypermail 2b30 : Thu Apr 17 2003 - 13:53:43 PDT