Hi, On Wed, 2003-04-23 at 19:42, Christoph Hellwig wrote: > On Wed, Apr 23, 2003 at 02:35:59PM -0400, Stephen Smalley wrote: > > The idea of using separate attribute names for each security module was > > already discussed at length when I posted the original RFC, and I've > > already made the case that this is not desirable. Please see the > > earlier discussion. > > No. It's not acceptable that the same ondisk structure has a different > meaning depending on loaded modules. If the xattrs have a different > meaning they _must_ have a different name. I'm not convinced --- I don't see much value in trying to preserve MAC semantics over load/unload of different security modules, so for sanity the important thing is just to be able to detect whether a security xattr "belongs" to the current module or not. That can be done with a simple prefix in the xattr value itself. Trying to make multiple MAC labels coexist in different xattrs seems to have little use. --Stephen _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Mon Apr 28 2003 - 09:01:22 PDT