* Stephen Smalley (sds@private) wrote:
> On Tue, 2005-07-05 at 09:03 -0700, Chris Wright wrote:
> > Ugh, so far we'd tried to stay out of each fs as much as possible.
>
> Yes, minimizing invasiveness was important especially prior to inclusion
> of LSM in mainline. But I think the approach of this patch is
> consistent with:
> - the fact that we were encouraged to migrate to using security xattrs
>   for security labels for SELinux, and
> - the fact that security xattrs are now supported natively by the major
>   filesystems, and
> - the fact that ACL initialization for new inodes is handled the same
>   way.

Totally agree with that.

> And the patch does try to provide the proper subdivision of
> responsibility between the security module (compute the new inode label
> and return it to the fs code) and the fs code (set the label on the new
> inode so that it can be bundled into the same transaction for
> filesystems that support them).

Yes, looks ok at first glance. Will fire it up after these pesky
meetings this morning.

thanks,
-chris
This archive was generated by hypermail 2.1.3 : Tue Jul 05 2005 - 09:32:09 PDT