Re: [PATCH] Extended Attributes for Security Modules against 2.5.68

[Christoph Hellwig <hch@infradead.org>]

On Wed, Apr 23, 2003 at 03:17:57PM -0400, Stephen Smalley wrote:
> On Wed, 2003-04-23 at 14:45, Christoph Hellwig wrote:
> > Randomly userland shouldn't deal with these xattrs.  Remember you are
> > talking about the ondisk represenation of your labelling - nothing
> > but the labelling tools should ever touch it.
> 
> Not true.  ls should be able to display the security label.  find should
> be able to locate files that have specific security labels.  cp should
> be able to preserve the security label on copies.  logrotate should be
> able to preserve the security label when rotating logs.  crond should be
> able to check the security label on a crontab spool file to verify
> consistency with the user's credentials with which the cron job will
> run.  login/sshd need to set the security label on the user's terminal
> device.  You'll find plenty of examples of patched userland in SELinux,
> but none of these patches are specific to a particular set of security
> attributes.  They just handle them as strings.

And all these should _not_ happen in the actual tools but in a
pluggable security module (something like pam).  Encoding any security
policy and especially a xattr name in those utils is bad.

And see, you start to contradict what you said before - with your
suggestion cron has to know what the label means, so your selinux
cron would do stupid things with say may Posix 1003.1e MAC filesystem.