Re: [PATCH] Extended Attributes for Security Modules against 2.5.68

From: Stephen Smalley <sds@epoch.ncsc.mil>
To: Christoph Hellwig <hch@infradead.org>
Cc: Linus Torvalds <torvalds@transmeta.com>,
	"Ted Ts'o" <tytso@mit.edu>,
	Andreas Gruenbacher <a.gruenbacher@computer.org>,
	Stephen Tweedie <sct@redhat.com>,
	lkml <linux-kernel@vger.kernel.org>,
	lsm <linux-security-module@wirex.com>
Subject: Re: [PATCH] Extended Attributes for Security Modules against 2.5.68
Date: 24 Apr 2003 08:55:46 -0400	[thread overview]
Message-ID: <1051188945.14761.284.camel@moss-huskers.epoch.ncsc.mil> (raw)
In-Reply-To: <20030423212004.A7383@infradead.org>

On Wed, 2003-04-23 at 16:20, Christoph Hellwig wrote:
> That doesn't matter at all for this question - if you have a selinux_label
> attribute you can add your different policies with string labels to
> it.  But don't mix it up with others.

Ok, so you still favor using a distinct attribute name for SELinux
attributes.  Andreas Gruenbacher had suggested during the earlier thread
that we use something like the xattr_trusted.c attribute handler, so
that a single xattr handler would cover all security modules but each
security module could have its own attribute name (security.selinux,
security.dte, security.capabilities, etc).  As I explained during that
thread, I don't think we want to use the trusted attribute handler
itself due to its permission checking model, but it would be easy to
make the xattr_security.c handler more like xattr_trusted.c in terms of
allowing arbitrary extensions of a "security." prefix.  Is that more to
your liking, or do you truly want a separate handler for each security
module?  I see the latter as undesirable as it requires each security
module to separately reserve a name and an index in each filesystem.

-- 
Stephen Smalley <sds@epoch.ncsc.mil>
National Security Agency