* richard offer (offerat_private) wrote: > * frm chrisat_private "04/17/03 13:30:59 -0700" | sed '1,$s/^/* /' > * > * This is the core issue. Personally, I'd rather stick to simple strings > * and per-module attributes rooted at a common point. This is simplest > * for userspace tools. But the attribute namespace is effectively flat, > * so it's a question of simplicity for locating the attributes. A simple > * getxattr(2) vs. a listxattr(2) plus multiple getxattr(2). Unfortunately, > * this points at a single standard name I think... > > Good point. Okay you've conviced me enough that while I don't agree more > than 51%, I'm at least going to shut up until the next time. Heh, it's a valid question. I like per-module attributes, but I don't think they are as nice for userland tools. I don't acutally like encoding namesapce into the attribute value, but I'm not sure the alternative is much different/better. > Would it make sense to have a single "backup/restore security label" tool > that is distributed alongside LSM rather than relying on each module writer > developing their own. You mean to ensure that labels are accumulated rather than replaced? Could be useful I suppose. thanks, -chris -- Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Thu Apr 17 2003 - 18:13:23 PDT