On Apr 23, 2003 11:25 -0700, Chris Wright wrote: > * Christoph Hellwig (hchat_private) wrote: > > The other question is why do you name them system.security? The name > > sounds a bit too generic to me. ACLs are certainly a security feature > > and have different ATTRS, similar for the Posix capability and MAC > > support in XFS. As selinux is the flask implementation for Linux > > what about system.flask_label? (or system.selinux_label?) > > It's really a namespace issue for user apps trying to deal with xattrs. > Being able to display the xattrs associated with a file in sane way, > like getxattr(path, "system.security", ...). Otherwise something like > listxattr() then gettxttr(... "system.security.[blah]" ...). Total > freeform naming is a headache for userspace to deal with. Esp. since we > don't want to teach all userland tools about each individual module/policy. Well, with the exception of backup/restore (which will just treat this EA data as opaque and doesn't really care whether the names are fixed or not), the tools DO need to understand each individual module or policy in order to make any sense of the data. Otherwise, all you can do is print out some binary blob which is no use to anyone. So, either the tools look for "system.security", and then have to understand an internal magic for each module to know what to do with the data, or it looks for "system.<modulename>" for only module names that it actually understands. The only reason to use a common "system.security" is if the actual data stored therein was usable by more than a single security module. Cheers, Andreas -- Andreas Dilger http://sourceforge.net/projects/ext2resize/ http://www-mddsp.enel.ucalgary.ca/People/adilger/ _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Wed Apr 23 2003 - 11:57:38 PDT