On Wed, 2003-04-23 at 14:17, Christoph Hellwig wrote: > First, please put the changes in the LSM API in a different patch from > the xattr changes, they're a different issue. I don't mind splitting them into a separate patch (and offered to do so in the earlier posting against 2.5.67), but I don't agree that they are a different issue. The changes to the LSM xattr-related hooks are part of supporting the use of extended attributes by security modules for file security labels; the changes permit the security module to update the inode security structure upon successful setxattr calls, and to provide atomicity for the check and update of the security label. > The other question is why do you name them system.security? The name > sounds a bit too generic to me. ACLs are certainly a security feature > and have different ATTRS, similar for the Posix capability and MAC > support in XFS. As selinux is the flask implementation for Linux > what about system.flask_label? (or system.selinux_label?) The idea of using separate attribute names for each security module was already discussed at length when I posted the original RFC, and I've already made the case that this is not desirable. Please see the earlier discussion. -- Stephen Smalley <sdsat_private> National Security Agency _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Wed Apr 23 2003 - 11:37:00 PDT