Re: [RFC][PATCH] Generic fallback for security xattrs

From: Casey Schaufler (casey@schaufler-ca.com)
Date: Tue Jul 26 2005 - 07:33:44 PDT


--- Chris Wright <chrisw@private> wrote:

> * Casey Schaufler (casey@schaufler-ca.com) wrote:
> > --- Chris Wright <chrisw@private> wrote:
> > > Separate namespace, so appropriate for each.
> > 
> > So the file system specific code for a file
> > system could, if such a hook existed, call
> > xattr = security_supply_xattr("security.BandL", inode)
> > 
> > This would seem no less intrusive than a
> > defaulting scheme to me, and might be acceptable
> > "upstream".
> 
> That's exactly what is done.  The patch is only moving the logic into
> a central location for those that don't have the various xattr ops
> filled out.  Those that do have them check for "security." prefix and
> start talking to the module until it comes to reading/writing data to disk.

I still think that putting the explicit call
into each filesystem that needs it is the right
approach with the right granularity because
the behavior is file system specific.

But heck, you're putting the code in. It
would be more work to do it the way I'm
suggesting.



Casey Schaufler
casey@schaufler-ca.com




This archive was generated by hypermail 2.1.3 : Tue Jul 26 2005 - 07:36:29 PDT