Re: [PATCH] Extended Attributes for Security Modules against 2.5.68

From: Chris Wright (chrisat_private)
Date: Wed Apr 23 2003 - 11:25:49 PDT

  • Next message: Stephen Smalley: "Re: [PATCH] Extended Attributes for Security Modules against 2.5.68"

    * Christoph Hellwig (hchat_private) wrote:
    > 
    > The other question is why do you name them system.security?  The name
    > sounds a bit too generic to me.  ACLs are certainly a security feature
    > and have different ATTRS, similar for the Posix capability and MAC
    > support in XFS.  As selinux is the flask implementation for Linux
    > what about system.flask_label?  (or system.selinux_label?)
    
    It's really a namespace issue for user apps trying to deal with xattrs.
    Being able to display the xattrs associated with a file in sane way,
    like getxattr(path, "system.security", ...).  Otherwise something like
    listxattr() then gettxttr(... "system.security.[blah]" ...).  Total
    freeform naming is a headache for userspace to deal with.  Esp. since we
    don't want to teach all userland tools about each individual module/policy.
    
    There were a couple proposals to use common root like "system.security."
    (or the trusted namespace which was discussed in earlier threads).
    
    Would you still prefer module specific naming?
    
    thanks,
    -chris
    -- 
    Linux Security Modules     http://lsm.immunix.org     http://lsm.bkbits.net
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Wed Apr 23 2003 - 11:31:12 PDT