On Tue, 2005-07-26 at 07:33 -0700, Casey Schaufler wrote:
> I still think that putting the explicit call
> into each filesystem that needs it is the right
> approach with the right granularity because
> the behavior is file system specific.
>
> But heck, you're putting the code in. It
> would be more work to do it the way I'm
> suggesting.

The behavior isn't truly filesystem-specific when the filesystem has no xattr support ;)

In any event, we'll see what people think on linux-fsdevel about that tradeoff; that is the next stop for this patch. The major issue I wanted to vet here (on linux-security-module) was whether we wanted to provide a generic fallback for setxattr as well or only for getxattr, as setxattr on arbitrary filesystem types seemed potentially worrisome from a security perspective (although it can be controlled by the security module, as I've noted).

-- 
Stephen Smalley
National Security Agency
This archive was generated by hypermail 2.1.3 : Tue Jul 26 2005 - 07:46:41 PDT