Re: [PATCH] Extended Attributes for Security Modules against 2.5.68

From: Valdis.Kletnieksat_private
Date: Wed Apr 23 2003 - 12:28:07 PDT

  • Next message: Chris Wright: "Re: [PATCH] Extended Attributes for Security Modules against 2.5.68"

    On Wed, 23 Apr 2003 12:15:17 PDT, Chris Wright <chrisat_private>  said:
    > * Andreas Dilger (adilgerat_private) wrote:
    
    > > The only reason to use a common "system.security" is if the actual data
    > > stored therein was usable by more than a single security module.
    > 
    > Or, as mentioned, if you care to print out the label with standard
    > fileutils.
    
    The requirement that things like ls, find, cp and so on know where to look
    for these things trumps any "purity of labels" arguments.
    
    In addition, a case can be made that different modules *should* use the
    same name - because that way when you're re-labelling a file system for
    a new security module, you can actually *detect* old crufty conflicting
    labels added by some previous module.
    
    "Warning: file %s was already labelled with attribute %s"
    
    If you do as Chris suggests, you can't implement this in a clean manner.
    
    
    

    _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module



    This archive was generated by hypermail 2b30 : Wed Apr 23 2003 - 12:28:22 PDT