On Wed, 2003-04-23 at 16:20, Christoph Hellwig wrote: > That doesn't matter at all for this question - if you have a selinux_label > attribute you can add your different policies with string labels to > it. But don't mix it up with others. Ok, so you still favor using a distinct attribute name for SELinux attributes. Andreas Gruenbacher had suggested during the earlier thread that we use something like the xattr_trusted.c attribute handler, so that a single xattr handler would cover all security modules but each security module could have its own attribute name (security.selinux, security.dte, security.capabilities, etc). As I explained during that thread, I don't think we want to use the trusted attribute handler itself due to its permission checking model, but it would be easy to make the xattr_security.c handler more like xattr_trusted.c in terms of allowing arbitrary extensions of a "security." prefix. Is that more to your liking, or do you truly want a separate handler for each security module? I see the latter as undesirable as it requires each security module to separately reserve a name and an index in each filesystem. -- Stephen Smalley <sdsat_private> National Security Agency _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Thu Apr 24 2003 - 05:56:25 PDT