Re: [RFC][PATCH] Generic fallback for security xattrs

From: Chris Wright (chrisw@private)
Date: Fri Jul 15 2005 - 13:43:02 PDT


* Casey Schaufler (casey@schaufler-ca.com) wrote:
> > This is a request for comments on the below patch
> > that modifies the VFS
> > setxattr, getxattr, and listxattr code to fall back
> > to the security
> > module for security xattrs if the filesystem does
> > not support xattrs
> > natively.
> 
> Wouldn't it be better to just introduce the
> required changes to bring the filesystems that
> don't support xattrs into the 21st century?
> There can't be that many by now, and it's not
> as if (as the proposed patch demonstrates)
> it would be that much work. I would hope to
> see the existing mechanism used as designed
> rather than see a special hack put in to
> accommodate a special case.

There's xattr support in cifs, ext2, ext3, hfs, hfsplus, jfs, reiserfs,
nfsv4, xfs, and whatever else I missed.  And yes, where applicable
adding fs intrinsic xattr support makes most sense.  The question is
what to do for disk based filesystems that will never support xattrs,
and ram based filesystems.  The only thing I don't like about this
patch is hardcoding the namespace into xattr core like that.  But,
esp for ram based, they should at the very least _not_ duplicate code.
You can see this is a cleanup as it's removing code.

thanks,
-chris


