Re: [RFC][PATCH] Generic fallback for security xattrs

From: Casey Schaufler (casey@schaufler-ca.com)
Date: Mon Jul 25 2005 - 21:08:33 PDT


--- Chris Wright <chrisw@private> wrote:

> * Casey Schaufler (casey@schaufler-ca.com) wrote:
> > --- Stephen Smalley <sds@private> wrote:
> > 
> > > The question is whether the kernels of those
> systems
> > > provided:
> > > a) only an xattr API to userspace, with the API
> for
> > > getting and setting
> > > specific attributes like MAC labels and ACLS
> done
> > > entirely in userspace
> > > on top of the kernel xattr API, or 
> > > b) multiple separate APIs for distinct
> attributes
> > > like ACLs and MAC
> > > labels as well as the xattr API.
> > 
> > Security attributes are stored as "root"
> attributes.
> > The xattr interface does not make them generally
> > available, even to the owner.
> > 
> > The POSIX P1003.1e interfaces (please read the
> > draft sometime, it will help) mac_get_file()
> > and mac_set_file() are implemented as system
> > calls because they implement a less restrictive
> > policy than is required of xattr root attributes.
> 
> We store labels as extended attributes in a reserved
> namespace
> ("security.").  Thus a mac_get_file() is simply a
> library wrapper
> around getxattr.  The namespace for security labels
> is reserved and
> security checks for those labels are handled by the
> security modules.

So if ls calls mac_get_file the security module
identifies the namespace as one with specific
rules and treats the information with reverence
appropropriate to the namespace. But are ACLs
and Sensitivity Labels treated the same, or
as appropriate to each?

> I don't see what exactly you are taking issue with.

I'm not, for a change. Simply describing how
Trix does it.


Casey Schaufler
casey@schaufler-ca.com

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 



This archive was generated by hypermail 2.1.3 : Mon Jul 25 2005 - 21:09:04 PDT